[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Configuring Source NAT on J-series Services Routers

When performing source Network Address Translation (NAT-src), source pool provides JUNOS software with a supply of addresses from which to draw. When a policy requires NAT-src and references a specific source pool, JUNOS software draws addresses from that pool when translation is performed.

Before You Begin
For background information, read: Source IP Address Translation Overview Understanding NAT Interface Source Pools Understanding NAT Source Pools with PAT Understanding NAT Source Pools Without PAT Understanding NAT Static Source Pools Understanding NAT Allow-Incoming Source Pools Example: Configuring Security Policies—Detailed Configuration

Before You Begin

For background information, read:

In this example, you perform the following tasks:

Define a source pool (src-nat-with-pat) on an interface (ge-0/0/0.0) that contains an address range (10.1.1.20 10.1.1.30) and an address (10.1.1.2) with port address translation.
Define a source pool (src-nat-wo-pat) on an interface (ge-0/0/0.0) that contains an address range (10.1.1.3 10.1.1.5) without port address translation and uses (src-nat-with-pat) as the overflow pool.
Define a source pool (src-nat-static) on an interface (ge-0/0/1.0) that maps an IP address range (1.1.1.10 1.1.120) to an IP address range (20.1.1.10 20.1.1.20).
Define a source pool (src-nat-incoming) on an interface (ge-0/0/1.0) that contains an IP address range (20.1.1.25 20.1.1.30) with allow-incoming enabled.
Reference source pool (src-nat-with-pat) in a policy (src-nat-policy-1).
Reference an interface source pool in a policy (src-nat-policy-2).

CLI Configuration



user@host# set security nat interface ge-0/0/0.0
source-nat pool src-nat-with-pat address 10.1.1.2

user@host# set security nat interface ge-0/0/0.0
source-nat pool src-nat-with-pat address-range low 10.1.1.20 high
10.1.1.30

user@host# set security nat interface ge-0/0/0.0
source-nat pool src-nat-wo-pat address-range low 10.1.1.3 high 10.1.1.5

user@host# set security nat interface ge-0/0/0.0
source-nat pool src-nat-wo-pat no-port-translation

user@host# set security nat interface ge-0/0/1.0
source-nat pool src-nat-static address-range low 20.1.1.10 high 20.1.1.20

user@host# set security nat interface ge-0/0/1.0
source-nat pool src-nat-static host-address-low 1.1.1.10

user@host# set security nat interface ge-0/0/1.0
source-nat pool src-nat-incoming address low 20.1.1.25 high 20.1.1.50

user@host#set security nat interface ge-0/0/1.0
source-nat pool src-nat-incoming allow-incoming 

user@host# set security policies from-zone
Red to-zone Green policy src-nat-policy-1 match source-address any

user@host#set security policies from-zone
Red to-zone Green policy src-nat-policy-1 match destination-address
any 

user@host#set security policies from-zone
Red to-zone Green policy src-nat-policy-1 match application any

user@host#set security policies from-zone
Red to-zone Green policy src-nat-policy-1 then permit source-nat pool
src-nat-with-pat 

user@host# set security policies from-zone
Red to-zone Green policy src-nat-policy-2 match source-address any

user@host# set security policies from-zone
Red to-zone Green policy src-nat-policy-2 match destination-address
any

user@host# set security policies from-zone
Red to-zone Green policy src-nat-policy-2 match application any

user@host# set security policies from-zone
Red to-zone Green policy src-nat-policy-2 then permit source-nat interface

Example: Configuring Source NAT on J-series Services Routers

CLI Configuration

Related Topics