show security nat source pool
Syntax
show security nat source pool pool-name all logical-system (logical-system-name ) root-logical-system tenant (tenant-name )
Description
Display information about the specified Network Address Translation (NAT) source address pool and the configured twin port range per pool.
Options
| pool-name | Display source NAT information for the specified address pool. |
| all | Display information about all source NAT address pools. |
| logical-system | Display
information about the source NAT pools for a specified logical system.
Specify |
| root-logical-system | Display information about the source NAT pools for the primary (root) logical system. |
| tenant | Display information
about the source NAT pools for a specified tenant system. Specify |
Required Privilege Level
view
Output Fields
Table 1 lists
the output fields for the show security nat source pool command. Output fields are listed in the approximate order in which
they appear.
Field Name |
Field Description |
|---|---|
Pool name |
Name of the source pool. |
Description |
Description of the source pool. |
Pool id |
Pool identification number. |
Routing Instance |
Name of the routing instance. |
Host address base |
Base address of the original source IP address range. |
Port |
Port numbers used for the source pool. |
Twin port |
Upper and lower limits of the twin port. |
port overloading |
Number of port overloading for the source pool. |
Address assignment |
Type of address assignment. |
Total addresses |
Number of IP addresses that are in use. Starting in Junos OS Release 15.1X49-D90 and Junos OS Release 17.3R1, the total number of addresses for pools with IPv6 prefixes is shown as zero (0). |
Translation hits |
Number of translation hits. |
Port block size |
Block size for the deterministic pool. |
Last block recycle timeout |
Amount of time before the last active block is released. |
Interim logging interval |
Time interval for which additional system log messages are sent for active blocks and for inactive blocks with existing sessions. |
Determ host range num |
Host range for the deterministic pool. |
Address range |
IP address or IP address range for the source pool. |
Address-Persistent |
Address-persistent information for IPv4 source pools:
|
Single Ports |
Number of allocated single ports. |
Twin Ports |
Number of allocated twin ports. |
Sample Output
show security nat source pool src_v4_pool-namelength-is-now-changed-upto-63-characters-length
user@host> show security nat source pool src_v4_pool-namelength-is-now-changed-upto-63-characters-length
Pool name : src_v4_pool-namelength-is-now-changed-upto-63-characters-length
Pool id : 8
Routing instance : default
Host address base : 0.0.0.0
Port : [1024, 63487]
Twin port : [63488, 65535]
Port overloading : 1
Address assignment : paired
Total addresses : 64
Translation hits : 0
Address range Single Ports Twin Ports
203.0.203.1 - 203.0.203.1 0 0
203.0.203.2 - 203.0.203.2 0 0
203.0.203.3 - 203.0.203.3 0 0
203.0.203.4 - 203.0.203.4 0 0
203.0.203.5 - 203.0.203.5 0 0
203.0.203.6 - 203.0.203.6 0 0
203.0.203.7 - 203.0.203.7 0 0
203.0.203.8 - 203.0.203.8 0 0
203.0.203.9 - 203.0.203.9 0 0
203.0.203.10 - 203.0.203.10 0 0
203.0.203.11 - 203.0.203.11 0 0
203.0.203.12 - 203.0.203.12 0 0
203.0.203.13 - 203.0.203.13 0 0
203.0.203.14 - 203.0.203.14 0 0
203.0.203.15 - 203.0.203.15 0 0
203.0.203.16 - 203.0.203.16 0 0
203.0.203.17 - 203.0.203.17 0 0
203.0.203.18 - 203.0.203.18 0 0
203.0.203.19 - 203.0.203.19 0 0
203.0.203.20 - 203.0.203.20 0 0
203.0.203.21 - 203.0.203.21 0 0
203.0.203.22 - 203.0.203.22 0 0
203.0.203.23 - 203.0.203.23 0 0
203.0.203.24 - 203.0.203.24 0 0
203.0.203.25 - 203.0.203.25 0 0
203.0.203.26 - 203.0.203.26 0 0
203.0.203.27 - 203.0.203.27 0 0
203.0.203.28 - 203.0.203.28 0 0
203.0.203.29 - 203.0.203.29 0 0
203.0.203.30 - 203.0.203.30 0 0
203.0.203.31 - 203.0.203.31 0 0
203.0.203.32 - 203.0.203.32 0 0
203.0.203.33 - 203.0.203.33 0 0
203.0.203.34 - 203.0.203.34 0 0
203.0.203.35 - 203.0.203.35 0 0
203.0.203.36 - 203.0.203.36 0 0
203.0.203.37 - 203.0.203.37 0 0
203.0.203.38 - 203.0.203.38 0 0
203.0.203.39 - 203.0.203.39 0 0
203.0.203.40 - 203.0.203.40 0 0
203.0.203.41 - 203.0.203.41 0 0
203.0.203.42 - 203.0.203.42 0 0
203.0.203.43 - 203.0.203.43 0 0
203.0.203.44 - 203.0.203.44 0 0
203.0.203.45 - 203.0.203.45 0 0
203.0.203.46 - 203.0.203.46 0 0
203.0.203.47 - 203.0.203.47 0 0
203.0.203.48 - 203.0.203.48 0 0
203.0.203.49 - 203.0.203.49 0 0
203.0.203.50 - 203.0.203.50 0 0
203.0.203.51 - 203.0.203.51 0 0
203.0.203.52 - 203.0.203.52 0 0
203.0.203.53 - 203.0.203.53 0 0
203.0.203.54 - 203.0.203.54 0 0
203.0.203.55 - 203.0.203.55 0 0
203.0.203.56 - 203.0.203.56 0 0
203.0.203.57 - 203.0.203.57 0 0
203.0.203.58 - 203.0.203.58 0 0
203.0.203.59 - 203.0.203.59 0 0
203.0.203.60 - 203.0.203.60 0 0
203.0.203.61 - 203.0.203.61 0 0
203.0.203.62 - 203.0.203.62 0 0
203.0.203.63 - 203.0.203.63 0 0
203.0.203.64 - 203.0.203.64 0 0
Total used ports : 0 0
Sample Output
- show security nat source pool all (SRX Series Firewalls)
- show services nat source pool all (MX-SPC3)
- show security nat source pool all tenant
- show security nat source pool P_1
- show security nat source pool src-nat-v4-with-pat
- show security nat source pool (with map-e confidentiality enabled)
- show security nat source pool (without map-e confidentiality enabled)
show security nat source pool all (SRX Series Firewalls)
user@host> show security nat source pool all
Total pools: 4
Pool name : src_v4_pool-namelength-is-now-changed-upto-63-characters-length
Pool id : 8
Routing instance : default
Host address base : 0.0.0.0
Port : [1024, 63487]
Twin port : [63488, 65535]
Port overloading : 1
Address assignment : paired
Total addresses : 64
Translation hits : 0Address range Single Ports Twin Ports
203.0.203.1 - 203.0.203.1 0 0
203.0.203.2 - 203.0.203.2 0 0
203.0.203.3 - 203.0.203.3 0 0
203.0.203.4 - 203.0.203.4 0 0
203.0.203.5 - 203.0.203.5 0 0
203.0.203.6 - 203.0.203.6 0 0
203.0.203.7 - 203.0.203.7 0 0
203.0.203.8 - 203.0.203.8 0 0
203.0.203.9 - 203.0.203.9 0 0
203.0.203.10 - 203.0.203.10 0 0
203.0.203.11 - 203.0.203.11 0 0
203.0.203.12 - 203.0.203.12 0 0
203.0.203.13 - 203.0.203.13 0 0
203.0.203.14 - 203.0.203.14 0 0
203.0.203.15 - 203.0.203.15 0 0
203.0.203.16 - 203.0.203.16 0 0
203.0.203.17 - 203.0.203.17 0 0
203.0.203.18 - 203.0.203.18 0 0
203.0.203.19 - 203.0.203.19 0 0
203.0.203.20 - 203.0.203.20 0 0
203.0.203.21 - 203.0.203.21 0 0
203.0.203.22 - 203.0.203.22 0 0
203.0.203.23 - 203.0.203.23 0 0
203.0.203.24 - 203.0.203.24 0 0
203.0.203.25 - 203.0.203.25 0 0
203.0.203.26 - 203.0.203.26 0 0
203.0.203.27 - 203.0.203.27 0 0
203.0.203.28 - 203.0.203.28 0 0
203.0.203.29 - 203.0.203.29 0 0
203.0.203.30 - 203.0.203.30 0 0
203.0.203.31 - 203.0.203.31 0 0
203.0.203.32 - 203.0.203.32 0 0
203.0.203.33 - 203.0.203.33 0 0
203.0.203.34 - 203.0.203.34 0 0
203.0.203.35 - 203.0.203.35 0 0
203.0.203.36 - 203.0.203.36 0 0
203.0.203.37 - 203.0.203.37 0 0
203.0.203.38 - 203.0.203.38 0 0
203.0.203.39 - 203.0.203.39 0 0
203.0.203.40 - 203.0.203.40 0 0
203.0.203.41 - 203.0.203.41 0 0
203.0.203.42 - 203.0.203.42 0 0
203.0.203.43 - 203.0.203.43 0 0
203.0.203.44 - 203.0.203.44 0 0
203.0.203.45 - 203.0.203.45 0 0
203.0.203.46 - 203.0.203.46 0 0
203.0.203.47 - 203.0.203.47 0 0
203.0.203.48 - 203.0.203.48 0 0
203.0.203.49 - 203.0.203.49 0 0
203.0.203.50 - 203.0.203.50 0 0
203.0.203.51 - 203.0.203.51 0 0
203.0.203.52 - 203.0.203.52 0 0
203.0.203.53 - 203.0.203.53 0 0
203.0.203.54 - 203.0.203.54 0 0
203.0.203.55 - 203.0.203.55 0 0
203.0.203.56 - 203.0.203.56 0 0
203.0.203.57 - 203.0.203.57 0 0
203.0.203.58 - 203.0.203.58 0 0
203.0.203.59 - 203.0.203.59 0 0
203.0.203.60 - 203.0.203.60 0 0
203.0.203.61 - 203.0.203.61 0 0
203.0.203.62 - 203.0.203.62 0 0
203.0.203.63 - 203.0.203.63 0 0
203.0.203.64 - 203.0.203.64 0 0
Total used ports : 0 0
Pool name : src-p2
Description : The source pool src-p2 is for the sales team
Pool id : 5
Routing instance : default
Host address base : 0.0.0.0
Port : [1024, 63487]
Address assignment : no-paired
port overloading : 1
Total addresses : 1
Translation hits : 0
Address range Single Ports Twin Ports
192.0.2.0 - 192.0.2.3 0 0
Pool name : src-p3
Description : The source pool src-p3 is for the sales team
Pool id : 6
Routing instance : default
Host address base : 0.0.0.0
Port : [1024, 63487]
Address assignment : no-paired
port overloading : 1
Total addresses : 1
Translation hits : 0
Address range Single Ports Twin Ports
2001:db8::1 - 2001:db8::1 0 0
Pool name : src-p4
Description : The source pool src-p4 is for the sales team
Pool id : 7
Routing instance : default
Host address base : 0.0.0.0
Port : [1024, 63487]
Address assignment : no-paired
port overloading : 1
Total addresses : 1
Translation hits : 0
Address range Single Ports Twin Ports
2001:db8::2 - 2001:db8::2 0 0
show services nat source pool all (MX-SPC3)
user@host> show services nat source pool all
Total pools: 1
Interface: vms-4/0/0 , Service set: ss1
Pool name : NAT_POOL1--WEB-MX-SPC3NAT_WEB_MX_SPC3NAT_web-mx--spc3_NAT-POOL
Pool id : 4
Host address base : 0.0.0.0
Port : [3035, 3036]
Port overloading : 1
Address assignment : no-paired
Total addresses : 64
Translation hits : 0
Ei-mapping-timeout : 300
Mapping-timeout : 300
EIF Inbound session count: 0
EIF Inbound session limit exceeded drops: 0
Address range Ports
203.1.1.0 - 203.1.1.0 0
203.2.1.0 - 203.2.1.0 0
203.3.1.0 - 203.3.1.0 0
203.4.1.0 - 203.4.1.0 0
203.5.1.0 - 203.5.1.0 0
203.6.1.0 - 203.6.1.0 0
203.7.1.0 - 203.7.1.0 0
203.8.1.0 - 203.8.1.0 0
203.9.1.0 - 203.9.1.0 0
203.10.1.0 - 203.10.1.0 0
203.11.1.0 - 203.11.1.0 0
203.12.1.0 - 203.12.1.0 0
203.13.1.0 - 203.13.1.0 0
203.14.1.0 - 203.14.1.0 0
203.15.1.0 - 203.15.1.0 0
203.16.1.0 - 203.16.1.0 0
203.17.1.0 - 203.17.1.0 0
203.18.1.0 - 203.18.1.0 0
203.19.1.0 - 203.19.1.0 0
203.20.1.0 - 203.20.1.0 0
203.21.1.0 - 203.21.1.0 0
203.22.1.0 - 203.22.1.0 0
203.23.1.0 - 203.23.1.0 0
203.24.1.0 - 203.24.1.0 0
203.25.1.0 - 203.25.1.0 0
203.26.1.0 - 203.26.1.0 0
203.27.1.0 - 203.27.1.0 0
203.28.1.0 - 203.28.1.0 0
203.29.1.0 - 203.29.1.0 0
203.30.1.0 - 203.30.1.0 0
203.31.1.0 - 203.31.1.0 0
203.32.1.0 - 203.32.1.0 0
203.33.1.0 - 203.33.1.0 0
203.34.1.0 - 203.34.1.0 0
203.35.1.0 - 203.35.1.0 0
203.36.1.0 - 203.36.1.0 0
203.37.1.0 - 203.37.1.0 0
203.38.1.0 - 203.38.1.0 0
203.39.1.0 - 203.39.1.0 0
203.40.1.0 - 203.40.1.0 0
203.41.1.0 - 203.41.1.0 0
203.42.1.0 - 203.42.1.0 0
203.43.1.0 - 203.43.1.0 0
203.44.1.0 - 203.44.1.0 0
203.45.1.0 - 203.45.1.0 0
203.46.1.0 - 203.46.1.0 0
203.47.1.0 - 203.47.1.0 0
203.48.1.0 - 203.48.1.0 0
203.49.1.0 - 203.49.1.0 0
203.50.1.0 - 203.50.1.0 0
203.51.1.0 - 203.51.1.0 0
203.52.1.0 - 203.52.1.0 0
203.53.1.0 - 203.53.1.0 0
203.54.1.0 - 203.54.1.0 0
203.55.1.0 - 203.55.1.0 0
203.56.1.0 - 203.56.1.0 0
203.57.1.0 - 203.57.1.0 0
203.58.1.0 - 203.58.1.0 0
203.59.1.0 - 203.59.1.0 0
203.60.1.0 - 203.60.1.0 0
203.61.1.0 - 203.61.1.0 0
203.62.1.0 - 203.62.1.0 0
203.63.1.0 - 203.63.1.0 0
203.64.1.0 - 203.64.1.0 0
Total used ports : 0
Error Counters:
Out of port errors : 0
Out of address errors : 0
Parity port errors : 0
Preserve Range errors : 0
APP port allocation errors : 0
APP port limit allocation errors : 0
show security nat source pool all tenant
user@host> show security nat source pool all tenant tn1
Total pools: 1
Pool name : pat
Pool id : 4
Routing instance : default
Host address base : 0.0.0.0
Port : [1024, 63487]
Twin port : [63488, 65535]
Port overloading : 1
Address assignment : no-paired
Total addresses : 24
Translation hits : 0
Address range Single Ports Twin Ports
192.0.2.1 - 192.0.2.24 0 0
Total used ports : 0 0
show security nat source pool P_1
user@host>show security nat source pool P_1
Pool name : P_1
Pool id : 4
Routing instance : default
Port : [12345, 17890]
Port overloading : 1
Address assignment : no-paired
Total addresses : 256
Translation hits : 0
Port block size : 1000
Determ host range num: 3
Address range Single Ports Twin Ports
203.0.203.0 - 203.0.203.255 0 0
show security nat source pool src-nat-v4-with-pat
user@host>how security nat source pool src-nat-v4-with-pat
Pool name : src-nat-v4-with-pat
Pool id : 5
Routing instance : default
Host address base : 0.0.0.0
Port : [1024, 63487]
Port overloading : 1
Address assignment : no-paired
Total addresses : 1
Translation hits : 0
Address-persistent
IPv6 prefix length: 64
IPv6 subscriber out of port: 0
Address range Single Ports Twin Ports
203.0.203.1 - 203.0.203.10 0 0
show security nat source pool (with map-e confidentiality enabled)
user@host> show security nat source pool p1 Pool name : p1 Pool id : 4 Routing instance : default Host address base : 0.0.0.0 Map-e domain name : domain_1 Map-e rule name : r1 Address assignment : no-paired Total addresses : 1 Translation hits : 0 Address range Single Ports Twin Ports confidential 0 0 Total used ports : 0 0
show security nat source pool (without map-e confidentiality enabled)
user@host> show security nat source pool p1 Pool name : p1 Pool id : 4 Routing instance : default Host address base : 0.0.0.0 Map-e domain name : domain_1 Map-e rule name : r1 PSID offset : 4 PSID length : 8 PSID : 0x34 Port overloading : 1 Address assignment : no-paired Total addresses : 1 Translation hits : 0 Address range Single Ports Twin Ports 10.0.0.1 - 10.0.0.1 0 0 Total used ports : 0 0
Release Information
Command introduced in Junos OS Release 9.2.
The Description output field added in Junos OS Release 12.1.
The Address
assignment output field and IPv6 logical system support added
in Junos OS Release 12.1X45-D10.
The twin-port output field added in Junos OS Release 12.1X47-D10.
The Address-persistent output field added in Junos OS Release 12.3X48-D10.
The Last block
recycle timeout and Interim logging interval output
fields added in Junos OS Release 15.1X49-D60.
The tenant option is introduced in Junos OS Release 18.3R1.