Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Service Sets for Network Address Translation

    When configuring a service set for Network Address Translation (NAT) processing, make sure you have defined:

    • Service interfaces for handling inbound and outbound traffic
    • A NAT rule or rule set

    Note: Prior to Junos OS Release 11.4R3, you could use a source NAT pool only in a single service set. In Junos OS Release 11.4R3 and subsequent releases, you can reuse a source or destination NAT pool in multiple service sets, provided that the service interfaces associated with the service sets are in different virtual routing and forwarding (VRF) instances.

    • For interface-style service sets, when a NAT pool is reused in multiple service sets, the service interfaces used in the interface-service service-interface option of each service set must be in different VRFs.
    • For next-hop-style service sets, when a NAT pool is reused in multiple service sets, the service interfaces used in the outside-interface option of each service set must be in different VRFs.

      Not adhering to these service interface restrictions causes multiple routes to be installed in the same VRF for the same NAT addresses, thereby causing reverse traffic to be processed incorrectly.

    To enable sharing of source NAT pools, include the allow-overlapping-nat-pools statement at the [edit services nat] hierarchy level.

    To configure a NAT service set:

    1. At the [edit services] hierarchy level, define the service set.
      [edit services]
      user@host# edit service-set service-set-name
    2. Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.
      [edit services service-set service-set-name]
      user@host# set interface-service service-interface interface-name

      Or

      [edit services service-set service-set-name]
      user@host# set next-hop-service inside-service-interface interface-name outside-service-interface interface-name

      Note: On ACX Series routers, you can use an inline-services interface as shown in this example:

      [edit]
      user@host# set interfaces si-0/0/0
      [edit services service-set s1]
      user@host# set interface-service service-interface si-0/0/0

      For more information on interface service and next-hop service, see Configuring Service Sets to Be Applied to Services Interfaces.

    3. Configure a reference to the NAT rules or rule set to be used with the service set.
      [edit services service-set service-set-name]
      user@host set nat-rules rule-or-ruleset-name

    Modified: 2017-09-13