[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Configuring Destination NAT on J-series Services Routers

JUNOS software allows you to define policies to translate the destination address from one IP address to another.

Before You Begin
For background information, read Understanding NAT .

In this example, you perform the following tasks:

Define a destination NAT (one-addr-dst-nat) with an IP address (20.1.1.1).
Define a destination NAT (addr-range-dst-nat) with an IP address range (30.1.1.0 to 30.1.1.255).
Define a destination NAT (addr-and-port-dst-nat) with an IP address (40.1.1.1) and a port number (8080).
Define a reference (one-addr-dst-nat) in a policy (dst-nat-policy-1) to map a destination IP subnet (2.1.1.0/24) to address (20.1.1.1).
Define a reference (addr-range-dst-nat) in a policy (dst-nat-policy-2) to map a destination IP subnet (3.1.1.0/24) to a subnet (30.1.1.0/24).
Define a reference (addr-and-port-dst-nat) in a policy (dst-nat-policy-3) to map a destination IP subnet (4.1.1.0/24) and a port number (80) to an address (40.1.1.1) and a port number (8080).

CLI Configuration



user@host# set security nat destination-nat
one-addr-dst-nat address 20.1.1.1

user@host# set security nat destination-nat
addr-range-dst-nat address-range low 30.1.1.10 high 30.1.1.255

user@host# set security nat destination-nat
addr-and-port-dst-nat address 40.1.1.1 port 8080

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-1 match source-address any

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-1 match destination-address
2.1.1.0/24

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-1 match application any

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-1 then permit destination-nat
one-address-nat

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-2 match source-address any

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-2 match destination-address
3.1.1.0/24

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-2 match application any

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-2 then permit destination-nat
addr-range-dst-nat

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-3 match source-address any

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-3 match destination-address
4.1.1.0/24

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-3 match application junos-http

user@host# set security policies from zone
Red to-zone Green policy dst-nat-policy-3 then permit destination-nat
addr-and-port-dst-nat

Example: Configuring Destination NAT on J-series Services Routers

CLI Configuration

Related Topics