 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
To configure a NAT rule, include the rule rule-name statement at the [edit services nat] hierarchy level:
-
rule rule-name {
-
match-direction (input | output);
-
-
term term-name {
-
nat-type (full-cone | symmetric);
-
-
from {
-
applications [ application-names ];
-
application-sets [ set-names ];
-
destination-address (address | any-unicast) <except>;
-
destination-address-range low minimum-value high maximum-value
- <except>;
-
destination-prefix-list list-name <except>;
-
source-address (address | any-unicast) <except>;
-
source-address-range low minimum-value high maximum-value <except>;
-
source-prefix-list list-name <except>;
- }
-
-
then {
-
no-translation;
-
-
translated {
-
destination-pool nat-pool-name;
-
destination-prefix prefix;
-
overload-pool overload-pool-name;
-
overload-prefix overload-prefix;
-
source-pool nat-pool-name;
-
source-prefix prefix;
-
translation-type (destination type | source type);
-
-
translation-type {
- source type;
- destination type;
- }
- }
-
syslog;
- }
- }
- }
Each NAT rule consists of a set of terms, similar to a firewall filter. A term consists of the following:
The following sections describe NAT rule content in more detail:
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |