A NAT instance distributes user packets to different NAT address pools for address translation according to ACL matching in the command line. Addresses can be selected from the corresponding NAT address pool to perform NAT for packets only when the packets match the specified ACL rule and the action defined for the rule is permit.
| ACL Matching Result | Processing Result of NAT |
|---|---|
| The packet matches the permit rule | NAT is executed |
| The packet matches the deny rule | NAT is not executed, the packet is forwarded directly. |
| The packet mismatches all rules | |
| The relative ACL does not exist | NAT is not executed, all packet are forwarded directly. |
| The relative ACL exists but there is no rule in the ACL |