Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Configuring Dynamic Source Address and Port Translation in IPv4 Networks

    Network Address Port Translation (NAPT) is a method by which many network addresses and their TCP/UDP (Transmission Control Protocol/User Datagram Protocol) ports are translated into a single network address and its TCP/UDP ports. This translation can be configured in both IPv4 and IPv6 networks. This section describes the steps for configuring NAPT in IPv4 networks.

    To configure NAPT, you need to configure a rule at the [edit services nat] hierarchy level for dynamically translating the source IPv4 addresses.

    To configure the NAPT in IPv4 networks:

    1. In configuration mode, go to the [edit services] hierarchy level:
      [edit]user@host# edit services
    2. Configure the service set and NAT rule.
      [edit services]user@host# set service-set service-set-name nat-rules rule-name

      In the following example, the name of the service set is s1 and the name of the NAT rule is rule-napt-44.

      [edit services]user@host# set service-set s1 nat-rules rule-napt-44
    3. Go to the [interface-service] hierarchy level of the service set.
      [edit services]user@host# edit service-set s1 interface-service
    4. Configure the service interface.
      [edit services service-set s1 interface service]user@host# set service-interface service-interface-name

      In the following example, the name of the service interface is ms-0/1/0.

      Note: If the service interface is not present in the router, or the specified interface is not functional, the following command can result in an error.

      [edit services service-set s1 interface service]user@host# set service-interface ms-0/1/0
    5. Go to the [edit services nat] hierarchy level. Issue the command from the top of the services hierarchy, or use the top keyword.
      [edit services service-set s1 interface service]user@host# top edit services nat
    6. Configure the NAT pool with an address.
      [edit services nat]user@host# set pool pool-name address address

      In the following example, the name of the pool is napt-pool and the address is 10.10.10.0.

      [edit services nat]user@host# set pool napt-pool address 10.10.10.0
    7. Configure the port.
      [edit services nat]user@host# set pool pool-name port port-type

      In the following example, the port type is selected as automatic.

      [edit services nat]user@host# set pool napt-pool port automatic
    8. Configure the rule and the match direction.
      [edit services nat]user@host# set rule rule-name match-direction match-direction

      In the following example, the name of the rule is rule-napt-44 and the match direction is input.

      [edit services nat]user@host# set rule rule-napt-44 match-direction input
    9. Configure the term, the action for the translated traffic, and the translation type.
      [edit services nat]user@host# set rule rule-name term term-name then translated translated-action translation-type translation- type

      In the following example, the name of the term is t1, the action for the translated traffic is translated, the name of the source pool is napt-pool, and the translation type is napt-44.

      [edit services nat]user@host# set rule rule-napt-44 match-direction input term t1 then translated source-pool napt-pool translation-type napt-44
    10. Go to the [edit services adaptive-services-pics] hierarchy level. In the command, the top keyword ensures that the command is run from the top of the hierarchy.
      [edit services nat]user@host# top edit services adaptive-services-pics
    11. Configure the trace options.
      [edit services adaptive-services-pics]user@host# set traceoptions flag tracing parameter

      In the following example, the tracing parameter is configured as all.

      [edit services adaptive-services-pics]user@host# set traceoptions flag all
    12. Verify the configuration by using the show command at the [edit services] hierarchy level.
      [edit services]
user@host# show 
service-set s1 {
    nat-rules rule-napt-44;
    interface-service {
        service-interface ms-0/1/0;
    }
}
nat {
    pool napt-pool {
        address 10.10.10.0/32;
        port {
            automatic;
        }
    }
    rule rule-napt-44 {
        match-direction input;
        term t1 {
            then {
                translated {
                    source-pool napt-pool;
                    translation-type {
                        napt-44;
                    }
                }
            }
        }
    }
}
adaptive-services-pics {
    traceoptions {
        flag all;
    }
}
     

    Related Documentation

     

    Published: 2012-07-02

    Previous Page Next Page