Understanding Source NAT Rules

Source NAT rules specify two layers of match conditions:

• Traffic direction—Allows you to specify combinations of from interface, from zone, or from routing-instance and to interface, to zone, or to routing-instance. You cannot configure the same from and to contexts for different rule sets.
• Packet information—Can be source and destination IP addresses or subnets.

If multiple source NAT rules overlap in the match conditions, the most specific rule is chosen. For example, if rules A and B specify the same source and destination IP addresses, but rule A specifies traffic from zone 1 to zone 2 and rule B specifies traffic from zone 1 to interface ge-0/0/0, rule B is used to perform source NAT. An interface match is considered to be more specific than a zone match, which is more specific than a routing instance match. For more information about rule set matching, see Understanding NAT Rule Sets and Rules.

The actions you can specify for a source NAT rule are:

• off—Do not perform source NAT.
• pool—Use the specified user-defined address pool to perform source NAT.
• interface—Use the egress interface’s IP address to perform source NAT.
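The zone-versus-interface precedence and the pool and interface actions described above, as an added Junos configuration example that is not from the original page: rule set rs-zone matches trust-to-untrust traffic and translates to a pool, while rs-intf matches trust-to-ge-0/0/0.0 traffic and translates to the egress interface address. For a trust host whose packet leaves through ge-0/0/0.0 (assumed to sit in zone untrust), both rule sets match, and rs-intf is selected because an interface match is more specific than a zone match. The zone, rule-set and pool names and the 10.1.1.0/24 and 192.0.2.x addresses are constructed placeholders.

```junos
security {
    nat {
        source {
            /* Constructed pool; 192.0.2.x addresses are documentation-range placeholders */
            pool pool-untrust {
                address {
                    192.0.2.10/32 to 192.0.2.20/32;
                }
            }
            /* Rule set A: zone-to-zone context (less specific) */
            rule-set rs-zone {
                from zone trust;
                to zone untrust;
                rule r-zone {
                    match {
                        source-address 10.1.1.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            pool {
                                pool-untrust;
                            }
                        }
                    }
                }
            }
            /* Rule set B: zone-to-interface context (more specific, wins on overlap) */
            rule-set rs-intf {
                from zone trust;
                to interface ge-0/0/0.0;
                rule r-intf {
                    match {
                        source-address 10.1.1.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
}
```

Note that the rule-set interface context takes the logical unit (ge-0/0/0.0), whereas the prose above names the physical interface ge-0/0/0.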

Source NAT rules are applied to traffic in the first packet that is processed for the flow or in the fast path for the ALG. Source NAT rules are processed after static NAT rules, destination NAT rules, and reverse mapping of static NAT rules and after route and security policy lookup.

Published: 2012-06-29