
    Understanding Destination NAT Rules

    Destination NAT rules specify two layers of match conditions:

    • Traffic direction—Allows you to specify from interface, from zone, or from routing-instance.
    • Packet information—Can be source IP addresses, destination IP address or subnet, or a single destination port number.

    If multiple destination NAT rules overlap in the match conditions, the most specific rule is chosen. For example, if rules A and B specify the same source and destination IP addresses, but rule A specifies traffic from zone 1 and rule B specifies traffic from interface ge-0/0/0, rule B is used to perform destination NAT. An interface match is considered to be more specific than a zone match, which is more specific than a routing instance match.
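The following is an added example, not Juniper code: a simplified Python model of the precedence described above, useful for checking which of several overlapping rules would apply to a flow and which rules it overrides. The rule names, addresses, zone and routing-instance names, and pool names are constructed for illustration; the model covers only the interface/zone/routing-instance ordering stated on this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Precedence stated on the page: interface > zone > routing-instance.
SPECIFICITY = {"interface": 3, "zone": 2, "routing-instance": 1}

@dataclass(frozen=True)
class Rule:
    name: str
    ctx_type: str          # "interface", "zone" or "routing-instance"
    ctx_name: str          # e.g. "ge-0/0/0" or a zone name
    src: str               # source prefix
    dst: str               # destination address or subnet
    dport: Optional[int]   # single destination port, None = any
    action: str            # "off" or "pool:<name>"

@dataclass(frozen=True)
class Packet:
    interface: str
    zone: str
    routing_instance: str
    src: str
    dst: str
    dport: int

def matches(rule, pkt):
    """True when the packet satisfies both layers: traffic direction and packet information."""
    ctx = {"interface": pkt.interface, "zone": pkt.zone,
           "routing-instance": pkt.routing_instance}[rule.ctx_type]
    return (ctx == rule.ctx_name
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def select_rule(rules, pkt):
    """Return (winner, shadowed): the most specific match and the matches it overrides."""
    # Assumption of this model: rules of equal specificity keep their list order.
    hits = sorted((r for r in rules if matches(r, pkt)),
                  key=lambda r: SPECIFICITY[r.ctx_type], reverse=True)
    return (hits[0], hits[1:]) if hits else (None, [])

# Constructed sample: rules A and B mirror the page's example; C adds a routing-instance match.
RULES = [
    Rule("A", "zone", "zone1", "0.0.0.0/0", "203.0.113.10/32", 80, "pool:web-pool"),
    Rule("B", "interface", "ge-0/0/0", "0.0.0.0/0", "203.0.113.10/32", 80, "off"),
    Rule("C", "routing-instance", "vr1", "0.0.0.0/0", "203.0.113.0/24", None, "pool:dmz-pool"),
]
PKT = Packet("ge-0/0/0", "zone1", "vr1", "198.51.100.7", "203.0.113.10", 80)

if __name__ == "__main__":
    winner, shadowed = select_rule(RULES, PKT)
    print(f"applied: {winner.name} ({winner.action}); shadowed: {[r.name for r in shadowed]}")
```

In this sample the interface rule B with action off wins, so the translation a reviewer might expect from zone rule A is never performed for traffic arriving on ge-0/0/0.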

    The actions you can specify for a destination NAT rule are:

    • off—Do not perform destination NAT.
    • pool—Use the specified user-defined address pool to perform destination NAT.

    Destination NAT rules are applied to traffic in the first packet that is processed for the flow or in the fast path for the ALG. Destination NAT rules are processed after static NAT rules but before source NAT rules.

    Published: 2012-06-29