[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Static NAT

Static NAT is a direct one-to-one mapping of one IP address to another without port address translation.

Before You Begin

For background information, read:

In this example, you perform the following tasks:

  1. Define a static NAT on an interface (ge-0/0.0.0) that maps a host IP address (10.1.1.1) to an address (1.1.1.1).
  2. Define a static NAT on an interface (ge-0/0/0.0) that maps a host IP subnet (10.1.3.0/24) to a subnet (1.1.3.0/24).
  3. Reference a static NAT (1.1.3.0/24) in a policy (static-nat-policy).

CLI Configuration

To configure static NAT, use the CLI configuration editor:

  1. Configure interfaces.
    user@host#set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
    user@host# set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/24
  2. Configure zones.
    user@host# set security zones security-zone private
    user@host#set security zones security-zone public
    user@host# set security zones security-zone private interfaces ge-0/0/0.0
    user@host# set security zones security-zone public interfaces ge-0/0/2.0
  3. Configure addresses.
    user@host#set security zones security-zone private address-book address phone1 10.1.1.3/32
    user@host# set security zones security-zone private address-book address proxy 10.1.1.4/32
    user@host# set security zones security-zone public address-book address phone2 1.1.1.4/32
  4. Configure static NAT.
    user@host#set security nat interface ge-0/0/2.0 static-nat 1.1.1.2/32 host 10.1.1.4/32
  5. Configure policies.
    user@host#set security policies from-zone private to-zone public policy outgoing match source-address any
    user@host# set security policies from-zone private to-zone public policy outgoing match destination-address phone2
    user@host#set security policies from-zone private to-zone public policy outgoing match application junos-sip
    user@host# set security policies from-zone private to-zone public policy outgoing then permit source-nat interface
    user@host# set security policies from-zone public to-zone junos-global policy incoming match source-address phone2
    user@host# set security policies from-zone public to-zone junos-global policy incoming match destination-address static_nat_1.1.1.2_32
    user@host# set security policies from-zone public to-zone junos-global policy incoming match application junos-sip
    user@host#set security policies from-zone public to-zone junos-global policy incoming then permit

Related Topics

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.