
Configuring a Pool

You can use the pool statement to define the addresses (or prefixes), address ranges, and ports used for network address translation. You can also use the pool statement to specify that a NAT pool is used exclusively by the packet gateway. To configure this information, include the pool statement at the [edit services nat] hierarchy level:

pool nat-pool-name {
    address [ prefix ];
    pgcp;
    address-range [ low minimum-value high maximum-value ];
    port (automatic | range low minimum-value high maximum-value) {
        random-allocation;
    }
}

To configure pools for traditional NAT, you specify either a destination pool or a source pool. To configure pools for twice NAT, you specify both the destination pool and the source pool.

With static source NAT and dynamic source NAT, you can specify multiple IPv4 or IPv6 addresses (or prefixes) and IPv4 and IPv6 address ranges. Up to 10 prefixes or address ranges (or a combination) can be supported within a single pool.

With static destination NAT, you can also specify multiple address prefixes and address ranges in a single term. Multiple destination NAT terms can share a destination NAT pool. However, the netmask or range for the from address must be smaller than or equal to the netmask or range for the destination pool address. If you define the pool to be larger than required, some addresses will not be used. For example, if you define the pool size as 100 addresses and the rule specifies only 80 addresses, the last 20 addresses in the pool are not used.

For constraints on specific translation types, see Configuring NAT Actions.

With source static NAT, the prefixes and address ranges cannot overlap between separate pools. However, source dynamic NAT (without NAPT) and destination static NAT allow more than one rule or service set to refer to the same pool, and allow multiple pools to have subnets that can overlap. A prefix pool can be used by multiple rules or terms.

Note: When you configure address pools for NAT and user access, these address pools can overlap with one another. To configure overlapping address pools, include the address or address-range statement at the [edit access address-pool pool-name] and [edit services nat pool pool-name] hierarchy levels.

In an address range, the low value must be a lower number than the high value. When multiple address ranges and prefixes are configured, the prefixes are depleted first, followed by the address ranges.

When you specify a port for dynamic source NAT, address ranges are limited to a maximum of 32 addresses, for a total of approximately 2,000 flows. A dynamic NAT pool with no address port translation supports up to 65,535 addresses. There is no limit on the pool size for static source NAT.

The port statement specifies port assignment for the translated addresses. To configure automatic assignment of ports, include the port automatic statement at the [edit services nat pool nat-pool-name] hierarchy level. To configure a specific range of port numbers, include the port range low minimum-value high maximum-value statement at the [edit services nat pool nat-pool-name] hierarchy level. By default, the JUNOS software allocates NAT ports sequentially. To configure random port allocation, include the random-allocation statement.
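
The pool limits described above can be checked before a configuration is committed. The following is an added example, not JUNOS code or tooling: a small Python linter over a hypothetical dict model of a pool (the dict keys mirror the statement names, and the finding codes are invented for this example). It assumes the 32-address limit applies to each address range and that every address in a prefix counts toward pool size.

```python
import ipaddress

MAX_ENTRIES = 10             # prefixes + ranges in a single pool
MAX_RANGE_WITH_PORT = 32     # addresses per range when a port is specified
MAX_DYNAMIC_NO_PORT = 65535  # dynamic pool with no address port translation

def check_pool(pool, nat_type):
    """Lint one pool dict; nat_type is 'dynamic-source' or 'static-source'.
    Returns a list of (code, detail) findings."""
    findings = []
    prefixes = pool.get("address", [])
    ranges = pool.get("address-range", [])
    port = pool.get("port")  # None, or {"mode": ..., "random-allocation": bool}
    dynamic = nat_type == "dynamic-source"

    if len(prefixes) + len(ranges) > MAX_ENTRIES:
        findings.append(("TOO_MANY_ENTRIES", str(len(prefixes) + len(ranges))))

    # Assumption: every address in a prefix counts toward the pool size.
    total = sum(ipaddress.ip_network(p).num_addresses for p in prefixes)
    for low, high in ranges:
        lo, hi = ipaddress.ip_address(low), ipaddress.ip_address(high)
        if lo.version != hi.version or lo >= hi:
            findings.append(("RANGE_ORDER", f"{low}-{high}"))
            continue
        size = int(hi) - int(lo) + 1
        total += size
        # Assumption: the 32-address limit is read as a per-range limit.
        if dynamic and port and size > MAX_RANGE_WITH_PORT:
            findings.append(("RANGE_TOO_LARGE_FOR_PORT", f"{low}-{high} ({size})"))

    if dynamic and not port and total > MAX_DYNAMIC_NO_PORT:
        findings.append(("POOL_TOO_LARGE", str(total)))
    if port and not port.get("random-allocation"):
        # Default allocation is sequential, so the next port is predictable.
        findings.append(("SEQUENTIAL_PORTS", port.get("mode", "")))
    return findings

# Constructed sample pools using documentation address space.
SAMPLES = {
    "napt-ok": {"address": ["198.51.100.0/27"],
                "address-range": [("192.0.2.1", "192.0.2.32")],
                "port": {"mode": "automatic", "random-allocation": True}},
    "napt-wide": {"address-range": [("192.0.2.1", "192.0.2.64")],
                  "port": {"mode": "automatic"}},
    "reversed": {"address-range": [("203.0.113.20", "203.0.113.10")]},
    "big-no-port": {"address": ["10.0.0.0/15"]},
}

if __name__ == "__main__":
    for name, pool in SAMPLES.items():
        print(name, check_pool(pool, "dynamic-source"))
```
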

For more information about configuring a NAT pool for the packet gateway by including the pgcp statement, see Configuring NAT Pools for the Packet Gateway.
