Example: Dynamic Source NAT as a Next-Hop Service

The following example shows dynamic-source NAT applied as a next-hop service:

[edit interfaces]
ge-0/2/0 {
    unit 0 {
        family mpls;
    }
}
sp-1/3/0 {
    unit 0 {
        family inet;
    }
    unit 20 {
        family inet;
    }
    unit 32 {
        family inet;
    }
}

[edit routing-instances]
protected-domain {
    interface ge-0/2/0.0;
    interface sp-1/3/0.20;
    instance-type vrf;
    route-distinguisher 10.58.255.17:37;
    vrf-import protected-domain-policy;
    vrf-export protected-domain-policy;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop sp-1/3/0.20;
        }
    }
}

[edit policy-options]
policy-statement protected-domain-policy {
    term t1 {
        then reject;
    }
}

[edit services]
stateful-firewall {
    rule allow-all {
        match-direction input;
        term t1 {
            then {
                accept;
            }
        }
    }
}
nat {
    pool my-pool {
        address 10.58.16.100;
        port automatic;
    }
    rule hide-all {
        match-direction input;
        term t1 {
            then {
                translated {
                    source-pool my-pool;
                    translation-type source dynamic;
                }
            }
        }
    }
}
service-set null-sfw-with-nat {
    stateful-firewall-rules allow-all;
    nat-rules hide-all;
    next-hop-service {
        inside-service-interface sp-1/3/0.20;
        outside-service-interface sp-1/3/0.32;
    }
}

Published: 2010-04-28