Working with IP Addressing and NAT Services
You can configure NAT addressing and services from Enterprise Manager Portal. Topics include:
Requesting Public IP Addresses for NAT Services
To request one or more IP addresses:
In the navigation pane of Enterprise Manager Portal, click the access for which you want to request an IP address.
Click the Addresses tab.
The Addresses page appears.
In the Number of Addresses field, enter the number of addresses that you want.
(Optional) If you specify multiple IP addresses and you want the addresses to be sequential, select Contiguous.
Enterprise Manager Portal sends a request to the service provider for the IP addresses and displays the number of outstanding requests. When the service provider allocates the IP addresses, Enterprise Manager Portal displays the public IP addresses assigned to this access and makes the addresses visible in the menus on the NAT page for that access, as shown in Figure 11. If a request for an IP address is outstanding for a certain period of time, Enterprise Manager Portal automatically sends a reminder to the service provider.
Address Fields for NAT Addressing in Enterprise Manager Portal
Use the fields in this topic to specify address range(s).
Number of Addresses
Number of IP addresses that you want the service provider to supply.
Value—Integer in the range 1–2147483647
Contiguous
Whether or not multiple requested IP addresses should be sequential.
Checked box—IP addresses must be contiguous
Empty box—IP addresses need not be contiguous
Default—IP addresses need not be contiguous
Canceling Requests for Public IP Addresses
To cancel a request:
Click Cancel for that request in the Outstanding Requests for IP Addresses table.
Returning Public IP Addresses to Service Providers
To return one or more IP addresses to the service provider:
Start at the Addresses page for the subscriber.
In the Public IP Addresses table, click in the small box in the last column for each address that you want to return.
If an enabled NAT rule is using an address, the box for that address is dimmed, and you cannot release that address until you disable or delete the NAT rule listed in the Used By field.
Applying NAT Rules to Traffic
After you protect an access with a firewall and have obtained one or more public IP addresses for the access, you can apply the following types of NAT rules to traffic on the access.
Public addresses for outgoing traffic
Also known as dynamic source NAT, this type of NAT allows computers with private IP addresses in a private network to share a small set of public IP addresses for outgoing connections. For example, employees in an enterprise can use these public IP addresses for browsing the Web. You can specify the source IP addresses and, optionally, the ports that the outgoing traffic will use.
Public addresses for incoming traffic
Also known as static destination NAT, this type of NAT allows you to expose to the world a server, such as a Web server, that has a private IP address in your private network. You specify a public IP address, and incoming connections destined for that public IP address will be received by your server at its private IP address.
Fixed public addresses for outgoing traffic
Also known as static source NAT, this type of NAT allows you to specify the public source IP to be used for specific outgoing traffic. To specify this type of NAT, you must set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).
Enterprise Manager Portal ensures that the SAE activates a basic firewall service before it activates a NAT service.
To apply NAT rules to traffic on devices running Junos OS:
In the navigation pane of Enterprise Manager Portal, click the access that connects to the router.
Click the NAT tab.
The NAT page appears.
Configure NAT for incoming and outgoing interfaces on the router.
Configuring Public IP Addresses for Outgoing Traffic
To configure public IP addresses for outgoing traffic:
Locate the area called Public Addresses for Outgoing Traffic in the NAT page.
Enter field values to specify how the router will apply the NAT rule to outgoing traffic.
Outgoing Traffic Fields for NAT Addressing in Enterprise Manager Portal
Use fields in this topic to configure NAT addressing for outgoing traffic.
Contiguous range of public IP addresses to which the source addresses of clients in the enterprise are translated.
Value—Public IP addresses
Guidelines—Select the starting and ending IP addresses in the From and To menus. For one IP address, select the same address in the From and To menus.
Range of ports that are used as the source ports in outgoing IP packets after the NAT translation.
Value—Integers in the range 0–65535
Guidelines—Specify the starting and ending port numbers in the From and To fields. Be sure to use a port range big enough to allow all the private addresses to share the limited set of public addresses. To specify all ports in the range 1024–65535, leave these fields empty.
Whether or not the router applies NAT to outgoing traffic on this access.
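The port-range guideline above can be checked before the values are entered. The following is an added example, not part of the Enterprise Manager Portal documentation or product: it sizes a dynamic source NAT pool from the From/To address and port values and compares it with expected peak demand. The function names, the host counts and the 203.0.113.0/24 addresses are constructed, and it assumes one (public address, port) pair per concurrent connection.

```python
import ipaddress

DEFAULT_PORTS = (1024, 65535)  # per the page: empty From/To port fields mean 1024-65535

def pool_slots(addr_from, addr_to, port_from=None, port_to=None):
    """Return (addresses, ports, slots) for a From/To address range and port range."""
    first = ipaddress.IPv4Address(addr_from)
    last = ipaddress.IPv4Address(addr_to)
    if last < first:
        raise ValueError("To address is lower than From address")
    if (port_from is None) != (port_to is None):
        raise ValueError("fill in both port fields or leave both empty")
    if port_from is None:
        port_from, port_to = DEFAULT_PORTS
    if not 0 <= port_from <= port_to <= 65535:
        raise ValueError("ports must satisfy 0 <= From <= To <= 65535")
    addresses = int(last) - int(first) + 1
    ports = port_to - port_from + 1
    return addresses, ports, addresses * ports

def check_pool(addr_from, addr_to, hosts, peak_conns_per_host,
               port_from=None, port_to=None):
    """Compare pool size with peak demand, counting one slot per connection.

    Assumption: each concurrent connection consumes one (public address, port)
    pair. Real translators may reuse a pair across destinations, so this is a
    conservative lower bound on what the pool can carry.
    """
    addresses, ports, slots = pool_slots(addr_from, addr_to, port_from, port_to)
    demand = hosts * peak_conns_per_host
    return {
        "slots": slots,
        "demand": demand,
        "sufficient": slots >= demand,
        "hosts_supported": slots // peak_conns_per_host,
    }

# Constructed sample: 500 private hosts, 200 concurrent connections each at peak,
# sharing two addresses from the documentation range 203.0.113.0/24.
DEFAULT_RANGE = check_pool("203.0.113.10", "203.0.113.11", 500, 200)
NARROW_RANGE = check_pool("203.0.113.10", "203.0.113.11", 500, 200,
                          port_from=60000, port_to=60999)

if __name__ == "__main__":
    print("default ports:", DEFAULT_RANGE)
    print("60000-60999:  ", NARROW_RANGE)
```

With the same two public addresses, the 1000-port range supports only 10 of the 500 hosts at that load, which is the exhaustion case the guideline warns about.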
Configuring Public IP Addresses for Incoming Traffic
To configure public IP addresses for incoming traffic:
Locate the area called Public Addresses for Incoming Traffic in the NAT page.
Using the field descriptions below, specify how the router will apply the NAT rule to incoming traffic.
Incoming Traffic Fields for NAT Addressing in Enterprise Manager Portal
Use fields in this topic to configure NAT addressing for incoming traffic.
Numeric value that indicates which NAT rule takes precedence if you specify more than one NAT rule for an IP address.
Value—Integer in the range specified by the online help for this field
Guidelines—You must specify a priority for the NAT rule. A lower number indicates a higher priority. Use a unique priority for each NAT rule that relates to the same traffic. If two rules have the same priority, they will be applied to traffic in an unpredictable order.
Name of the NAT rule.
Public IP address that the router translates to a private address in the enterprise.
Guidelines—Select the public destination address that is to be translated into a private destination address inside the enterprise.
Private IP address to which the router translates the public IP address.
Guidelines—Enter the private address of the host you wish to make available outside the enterprise.
Application object to which the router will apply NAT.
<application>—An application object that you created.
Guidelines—Select a value from the menu.
Whether or not the router applies NAT to incoming traffic on this access.
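The priority and address guidelines above lend themselves to a pre-change review of the planned rules. The following is an added example, not part of the Enterprise Manager Portal documentation or product: it flags enabled rules that share a priority, public addresses that have not been allocated to the access, and destinations that are not private addresses. The rule field names and sample values are constructed, and it assumes that rules "relate to the same traffic" when they share a public address.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_incoming_rules(rules, allocated_public):
    """Return findings for a planned set of static destination NAT rules."""
    findings = []
    allocated = {ipaddress.ip_address(a) for a in allocated_public}
    by_public = defaultdict(lambda: defaultdict(list))
    for rule in rules:
        public = ipaddress.ip_address(rule["public"])
        private = ipaddress.ip_address(rule["private"])
        if public not in allocated:
            findings.append(f"{rule['name']}: {public} is not allocated to this access")
        if not any(private in net for net in RFC1918):
            findings.append(f"{rule['name']}: {private} is not an RFC 1918 address")
        if rule["enabled"]:
            by_public[public][rule["priority"]].append(rule["name"])
    for public, priorities in by_public.items():
        for priority, names in sorted(priorities.items()):
            if len(names) > 1:
                findings.append(f"{public}: {', '.join(names)} share priority "
                                f"{priority}, so their order is unpredictable")
    return findings

def evaluation_order(rules, public):
    """Enabled rule names for one public address, lowest priority number first."""
    matching = [r for r in rules if r["enabled"] and r["public"] == public]
    return [r["name"] for r in sorted(matching, key=lambda r: r["priority"])]

# Constructed sample rules; the field names are hypothetical, not a portal export.
SAMPLE_RULES = [
    {"name": "web", "priority": 10, "public": "203.0.113.10",
     "private": "192.168.1.20", "enabled": True},
    {"name": "web-tls", "priority": 10, "public": "203.0.113.10",
     "private": "192.168.1.20", "enabled": True},
    {"name": "intranet", "priority": 5, "public": "203.0.113.10",
     "private": "192.168.1.30", "enabled": True},
    {"name": "mail", "priority": 20, "public": "203.0.113.11",
     "private": "198.51.100.7", "enabled": True},
]
ALLOCATED = ["203.0.113.10"]  # constructed: the only address granted so far

if __name__ == "__main__":
    print("\n".join(audit_incoming_rules(SAMPLE_RULES, ALLOCATED)))
    print(evaluation_order(SAMPLE_RULES, "203.0.113.10"))
```

The explicit RFC 1918 list is used instead of Python's `is_private` attribute, which also reports the documentation ranges used in the sample as private.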
Configuring Fixed Public Addresses for Outgoing Traffic
To configure fixed public IP addresses for outgoing traffic:
Set the portal configuration level to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).
Locate the area called Fixed Public Addresses for Outgoing Traffic in the NAT page (see figure NAT Page in Applying NAT Rules to Traffic).
Modifying NAT Rules
To modify a NAT rule:
Modify the entry in the appropriate table.
Deleting NAT Rules
To delete a public IP address for outgoing traffic, click delete for the address range in the Public Addresses for Outgoing Traffic table.