[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring NAT Actions

To configure NAT actions, include the then statement at the [edit services nat rule rule-name term term-name] hierarchy level:




then {

no-translation;

syslog;



translated {

destination-pool nat-pool-name;

destination-prefix destination-prefix;

overload-pool overload-pool-name;

overload-prefix overload-prefix;

source-pool nat-pool-name;

source-prefix source-prefix;

translation-type (destination type | source type);



translation-type {
source type;
destination type;
}


}


}

The no-translation statement allows you to specify addresses that you want to be excluded from NAT.

The destination-pool, destination-prefix, source-pool, and source-prefix statements specify addressing information that you define by including the pool statement at the [edit services nat] hierarchy level; for more information, see Configuring Address and Port Information.

The overload-pool and overload-prefix statements specify a pool of addresses or an address prefix that can be used if the source pool becomes exhausted. If all the addresses in the source pool are in use, additional NAT sessions are supported using the overload pool. The overload pool must have NAPT configured.

For twice NAT, you can apply an overload pool for source addresses and combined source and destination addresses.

The syslog statement enables you to record an alert in the system logging facility.

The translation-type statement specifies what type of network address translation is used for source or destination traffic:

destination static—Implement address translation for destination traffic without port mapping. This requires the size of the source address space to be the same or smaller than the size of the destination address space. You must specify a destination-pool name. The referenced pool can contain multiple addresses but no port configuration.
source dynamic—Implement address translation for source traffic with NAPT. You must specify a source-pool name. The referenced pool must include a port or address configuration.
If port automatic or port range is specified, port translation is used. If a port is not defined, the port value defaults to 1.

The source dynamic option supports translating a large range of addresses to a smaller size pool. The requests from the source address range are assigned to the addresses in the pool until the pool is used up, and any additional requests are rejected. A NAT address assigned to a host is used for all concurrent sessions from that host. The address is released to the pool only after all the sessions for that host expire. This feature enables the router to share a few public IP addresses between several private hosts. Since all the private hosts might not simultaneously create sessions, they can share a few public IP addresses.
source static—Implement address translation for source traffic without port mapping. The size of the pool address space must be greater than or equal to the source address space. You must specify a source-pool name. The referenced pool must contain exactly one address or prefix and no port configuration. You must include exactly one source-address value at the [edit services nat rule rule-name term term-name from] hierarchy level; if it is a prefix, the size must be less than or equal to the pool prefix size. Any addresses in the pool that are not matched in the source-address value remain unused, because a pool cannot be shared among multiple terms or rules.

For traditional NAT, you can configure either translation-type destination or translation-type source, but not both. To configure twice NAT, you specify both a translation-type destination and a translation-type source.

Note: You can statically assign NAT addresses from a dynamic NAT pool. This capability enables you to advertise one subnet that represents the NAT pool and use an address within that subnet for static rules. Statically assigned addresses are not reused for dynamic assignment. Statically assigned addresses from a dynamic pool can only be used for source static NAT and not for destination static NAT.

Note: When configuring NAT, if you specify the following addresses that do not match the NAT flow or NAT rule, the corresponding traffic is dropped:

Addresses specified in the from destination-address statement, when you are using destination translation
Addresses specified in the source NAT pool when you are using source translation

For more information on NAT methods, see RFC 2663, IP Network Address Translator (NAT) Terminology and Considerations.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]