To configure persistent NAT, specify the following with the source NAT rule action (for either a source NAT pool or an egress interface):

- The type of persistent NAT—One of the following: any remote host, target host, or target host port (see Understanding Persistent NAT).
- (Optional) Inactivity timeout—Time, in seconds, that the persistent NAT binding remains in the device’s memory when all the sessions of the binding entry are gone. When the configured timeout is reached, the binding is removed from memory. The default value is 5 seconds. Configure a value from 60 through 7200 seconds.
- (Optional) Maximum session number—Maximum number of sessions with which a persistent NAT binding can be associated. The default is 30 sessions. Configure a value from 8 through 100.

For interface NAT, you need to explicitly disable port overloading
with the port-overloading off option at the [edit security
nat source] hierarchy level.

Finally, there are two predefined services that you can use in security policies to permit or deny STUN and persistent NAT traffic:

- junos-stun—STUN protocol traffic
- junos-persistent-nat—Persistent NAT traffic

For the any remote host persistent NAT type, the direction
of the security policy is from external to internal. For target host
or target host port persistent NAT types, the direction of the security
policy is from internal to external.
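
The following configuration is an added example, not taken from the original page: it applies the settings described above to interface source NAT with the target host port type. The zone names, rule-set, rule and policy names, the source prefix and the chosen timeout and session values are assumptions made for illustration.

```junos
# Added example. trust/untrust, trust-to-untrust, pnat-1, permit-stun and
# 192.0.2.0/24 are placeholder names and addresses.

# Source NAT rule using the egress interface, with persistent NAT enabled.
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule pnat-1 match source-address 192.0.2.0/24
set security nat source rule-set trust-to-untrust rule pnat-1 then source-nat interface persistent-nat permit target-host-port

# Optional settings, chosen inside the documented ranges
# (60 through 7200 seconds, 8 through 100 sessions).
set security nat source rule-set trust-to-untrust rule pnat-1 then source-nat interface persistent-nat inactivity-timeout 180
set security nat source rule-set trust-to-untrust rule pnat-1 then source-nat interface persistent-nat max-session-number 50

# Interface NAT requires port overloading to be disabled explicitly.
set security nat source interface port-overloading off

# target host port type: the security policy runs from internal to external.
# Here it permits only the predefined STUN service.
set security policies from-zone trust to-zone untrust policy permit-stun match source-address any
set security policies from-zone trust to-zone untrust policy permit-stun match destination-address any
set security policies from-zone trust to-zone untrust policy permit-stun match application junos-stun
set security policies from-zone trust to-zone untrust policy permit-stun then permit

# With "permit any-remote-host" instead, the policy direction is reversed
# (external to internal), so any external host can reach the binding.
```

Of the three types, target host port admits the narrowest set of inbound sources, so it is the one to start from when the application allows it.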