nat

Syntax

nat {destination {pool pool-name {address < ip-address > (to ip-address | port port-number );routing-instance routing-instance-name ;}rule-set rule-set-name {from interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];rule rule-name {match {destination-address destination-address ;destination-port port-number ;source-address [source-address];}then {destination-nat (off | pool pool-name );}}}}proxy-arp {interface interface-name {address ip-address to ip-address ;}}source {address-persistent;interface {port-overloading { off };}pool pool-name {address ip-address to ip-address ;host-address-base ip-address ;overflow-pool (interface | pool-name );port no-translation | range high ip-address low ip-address ;routing-instance routing-instance-name ;}pool-utilization-alarm {clear-threshold threshold-value ;raise-threshold threshold-value ;}port-randomization {disable;}rule-set rule-set-name {from interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];rule rule-name {match {destination-address [destination-address];source-address [source-address];}then {source-nat (off | interface | pool pool-name );persistent-nat {address-mapping;inactivity-timeout seconds;max-session-number number;permit ( any-remote-host | target-host | target-host-port );}}}to interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];}}static {rule-set rule-set-name {from interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];rule rule-name {match {destination-address [destination-address];}then {static-nat prefix < addr-prefix ><routing-instance routing-instance-name >;}}}}traceoptions {file filename {<files number >;<match regular-expression >;<size maximum-file-size >;<world-readable | no-world-readable>;}flag {all;destination-nat-pfe;destination-nat-re;destination-nat-rt;source-nat-pfe;source-nat-re;source-nat-rt;static-nat-pfe;static-nat-re;static-nat-rt;}no-remote-trace;}}

Hierarchy Level

[edit security]

Release Information

Statement modified in Release 9.6 of Junos OS.

Description

Configure Network Address Translation (NAT) for the SRX Series device.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.