 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
Twice NAT, specified in RFC 2663, IP Network Address Translator (NAT) Terminology and Considerations, is fully supported by JUNOS software.
In twice NAT, both the source and destination addresses are subject to translation as packets traverse the NAT router. For example, you would use twice NAT when you are connecting two networks in which all or some addresses in one network overlap with addresses in another network (whether the network is private or public). In traditional NAT, only one of the addresses is translated.
To configure twice NAT, you must specify both a destination address and a source address for the match direction, pool or prefix, and translation type.
You can configure application-level gateways (ALGs) for ICMP and traceroute under stateful firewall, NAT, or CoS rules when twice NAT is configured in the same service set. These ALGs cannot be applied to flows created by the Packet Gateway Controller Protocol (PGCP). Twice NAT does not support other ALGs. By default, the twice NAT feature can affect IP, TCP, and UDP headers embedded in the payload of ICMP error messages.
For more information about configuring NAT rules, see Network Address Translation Services Configuration Guidelines.
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |