Persistent NAT allows applications to use the Session Traversal Utilities for NAT (STUN) protocol when passing through NAT firewalls (see Understanding Session Traversal Utilities for NAT (STUN) Protocol). Persistent NAT ensures that all requests from the same internal transport address are mapped to the same external transport address by the NAT device closest to the STUN server.
The following types of persistent NAT can be configured on the Juniper Networks device:
You configure any of the persistent NAT types with source NAT rules. The source NAT rule action can use a source NAT pool (with or without port translation) or an egress interface. Persistent NAT is not applicable for destination NAT, because persistent NAT bindings are based on outgoing sessions from internal to external.
Note: Port overloading is used in JUNOS Software only for normal interface NAT traffic. Persistent NAT does not support port overloading, and you must explicitly disable port overloading with the port-overloading off option at the [edit security nat source] hierarchy level.
To configure security policies to permit or deny persistent NAT traffic, you can use two new predefined services—junos-stun and junos-persistent-nat.
Note: Persistent NAT is different from the persistent address feature (see Example: Configuring a Persistent Address). The persistent address feature applies to address mappings for source NAT pools configured on the device. The persistent NAT feature applies to address mappings on an external NAT device, and is configured for a specific source NAT pool or egress interface. Also, persistent NAT is intended for use with STUN client-server applications.