User's Manual Part 2
45 JadeOS User Manual
Step 2 Deny TCP traffic from 60.0.0.0/255.255.255.0 to 192.168.10.0/255.255.255.0 with destination port range 1-1023.
(JadeOS) (config-std-test-extended)# deny tcp 60.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0 range 1 1023
Step 3 Permit all TCP port 80 traffic to 192.168.10.0/255.255.255.0.
(JadeOS) (config-std-test-extended)# permit tcp any 192.168.10.0 255.255.255.0 eq 80
7.1.3 Session ACL
A session ACL specifies an action (such as 'deny' or 'drop') and the fields a rule matches on: protocol number, source IP address or network segment, destination IP address or network segment, and port range. Because a session ACL works on the five-tuple (protocol, source IP address, source port number, destination IP address, destination port number), it can track all the traffic belonging to one session, which is what makes stateful functions such as SNAT and DNAT possible.
Session ACLs are also used to control user authentication. Please refer to Chapter 9 for more information.
Step 1 Create a session ACL named test-session.
(JadeOS) (config)# ip access-list standard test-session
Step 2 All traffic from 192.168.20.0/255.255.255.0 is translated by the SNAT function, using the NAT pool named NAT_POOL (please refer to section 7.3 for how to create a NAT pool).
(JadeOS) (config-std-test-extended)# network 192.168.20.0 255.255.255.0 any any src-nat pool NAT_POOL
Step 3 All traffic from 192.168.30.0/255.255.255.0 is translated to the address 10.10.10.134 by the DNAT function.
(JadeOS) (config-std-test-extended)# network 192.168.30.0 255.255.255.0 any any dst-nat ip 10.10.10.134
7.2 Session
JadeOS maintains a session table with one entry per session, keyed on the five-tuple (protocol, source IP address, source port number, destination IP address, destination port number). When the system receives the first packet of a session, it creates the table entry for that session. All subsequent packets of the same session are then handled uniformly according to that entry; for example, with SNAT every packet of the session is translated to the same address by the NAT function. When the session terminates (for example, when a TCP FIN is seen) or times out (no traffic for a long time), the session table entry is deleted.
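The following Python model, added here as an illustration and not JadeOS code, shows the behaviour described in 7.1.3 and 7.2 together: a session ACL is consulted only for the first packet of a five-tuple, the chosen action (src-nat from a pool, dst-nat to a fixed address, or deny) is stored in the session table, every later packet of that session reuses the same translated address, and the entry disappears on a TCP FIN or after an idle timeout. The rule set mirrors the test-session ACL above; the pool addresses, the first-match rule order, the round-robin pool allocation and the 60-second idle timeout are assumptions of this model, not documented JadeOS behaviour.

```python
# Added illustrative model (not JadeOS code): a session table keyed on the
# five-tuple, with session-ACL actions decided on the first packet and
# reused for every later packet of the same session.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FiveTuple:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Rule:
    src: ipaddress.IPv4Network   # source network ("any" = 0.0.0.0/0)
    dst: ipaddress.IPv4Network   # destination network
    action: str                  # "src-nat", "dst-nat" or "deny"
    arg: str = ""                # pool name for src-nat, address for dst-nat


def network(spec: str) -> ipaddress.IPv4Network:
    """Parse 'any' or 'address mask' (the mask form used by the ACL syntax)."""
    if spec == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, mask = spec.split()
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


class SessionTable:
    def __init__(self, rules: List[Rule], pools: Dict[str, List[str]],
                 idle_timeout: float = 300.0):
        self.rules = rules
        self.pools = pools
        self.idle_timeout = idle_timeout
        self._next_index: Dict[str, int] = {}
        # five-tuple -> (action, translated address, last_seen timestamp)
        self.sessions: Dict[FiveTuple, Tuple[str, str, float]] = {}

    def _match(self, ft: FiveTuple) -> Optional[Rule]:
        src = ipaddress.IPv4Address(ft.src_ip)
        dst = ipaddress.IPv4Address(ft.dst_ip)
        for rule in self.rules:          # assumption: first matching rule wins
            if src in rule.src and dst in rule.dst:
                return rule
        return None

    def _allocate(self, pool: str) -> str:
        """Round-robin address from a NAT pool (assumed allocation policy)."""
        addrs = self.pools[pool]
        i = self._next_index.get(pool, 0)
        self._next_index[pool] = (i + 1) % len(addrs)
        return addrs[i]

    def handle(self, ft: FiveTuple, now: float, fin: bool = False) -> Tuple[str, str]:
        """Process one packet of a session; returns (action, translated address)."""
        entry = self.sessions.get(ft)
        if entry is None:                # first packet: consult the session ACL
            rule = self._match(ft)
            if rule is None or rule.action == "deny":
                return ("deny", "")
            translated = self._allocate(rule.arg) if rule.action == "src-nat" else rule.arg
            entry = (rule.action, translated, now)
        action, translated, _ = entry
        if fin:                          # TCP FIN seen: session terminated
            self.sessions.pop(ft, None)
        else:                            # refresh last-seen time
            self.sessions[ft] = (action, translated, now)
        return (action, translated)

    def expire(self, now: float) -> int:
        """Delete sessions idle longer than idle_timeout; return how many."""
        stale = [ft for ft, (_, _, seen) in self.sessions.items()
                 if now - seen > self.idle_timeout]
        for ft in stale:
            del self.sessions[ft]
        return len(stale)


# Rules mirroring the test-session ACL above; pool addresses are constructed.
RULES = [
    Rule(network("192.168.20.0 255.255.255.0"), network("any"), "src-nat", "NAT_POOL"),
    Rule(network("192.168.30.0 255.255.255.0"), network("any"), "dst-nat", "10.10.10.134"),
]
POOLS = {"NAT_POOL": ["203.0.113.10", "203.0.113.11"]}


def demo() -> dict:
    table = SessionTable(RULES, POOLS, idle_timeout=60.0)
    a = FiveTuple("tcp", "192.168.20.5", 40000, "8.8.8.8", 443)
    b = FiveTuple("tcp", "192.168.20.6", 40001, "8.8.8.8", 443)
    c = FiveTuple("tcp", "192.168.30.7", 50000, "1.1.1.1", 80)
    d = FiveTuple("tcp", "192.168.40.9", 50001, "1.1.1.1", 80)
    out = {}
    out["a_first"] = table.handle(a, 0.0)
    out["b_first"] = table.handle(b, 1.0)           # second session, next pool address
    out["a_second"] = table.handle(a, 2.0)          # same session, same address
    out["c"] = table.handle(c, 3.0)
    out["d"] = table.handle(d, 4.0)                 # no matching rule: denied
    out["fin"] = table.handle(c, 5.0, fin=True)     # FIN removes the entry
    out["after_fin"] = len(table.sessions)
    out["expired"] = table.expire(100.0)            # a and b idle > 60 s
    out["remaining"] = len(table.sessions)
    return out
```

The point to take away from the model is that policy is evaluated once per session, so the ACL only ever sees the first packet; anything that must be enforced per packet cannot rely on session-ACL matching alone, and the idle timeout decides how long a translation survives after the last packet.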