Applying NAT Rules to Traffic

After you protect an access with a firewall and have obtained one or more public IP addresses for the access, you can apply the following types of NAT rules to traffic on the access.

• Public addresses for outgoing traffic

  Also known as dynamic source NAT, this type of NAT allows computers with private IP addresses in a private network to share a small set of public IP addresses for outgoing connections. For example, employees in an enterprise can use these public IP address for browsing the Web. You can specify the source IP addresses and, optionally, the ports that the outgoing traffic will use.

• Public addresses for incoming traffic

  Also known as static destination NAT, this type of NAT allows you to expose to the world a server, such as a Web server, that has a private IP address in your private network. You specify a public IP address, and incoming connections destined for that public IP address will be received by your server at its private IP address.

• Fixed public addresses for outgoing traffic

  Also known as static source NAT, this type of NAT allows you to specify the public source IP to be used for specific outgoing traffic. To specify this type of NAT you must set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).

Enterprise Manager Portal ensures that the SAE activates a basic firewall service before it activates a NAT service.

To apply NAT rules to traffic on JUNOS routing platforms:

1. In the navigation pane of Enterprise Manager Portal, click the access that connects to the router.
2. Click the NAT tab.

   The NAT page appears.

   Figure 27: NAT Page

   

3. Configure NAT for incoming and outgoing interfaces on the router.

Related Topics

•  Configuring Public IP Addresses for Outgoing Traffic
•  Configuring Public IP Addresses for Incoming Traffic

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.