permit (Security Persistent NAT)
Syntax
permit ( any-remote-host | target-host | target-host-port );
Hierarchy Level
[edit security nat source rule-set ruleset rule rule then source-nat interface persistent-nat] [edit security nat source rule-set ruleset rule rule then source-nat pool persistent-nat]
Description
Configure persistent NAT mappings.
Options
any-remote-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. (The reflexive transport address is the public IP address and port created by the NAT device closest to the STUN server.) Any external host can send a packet to the internal host by sending the packet to the reflexive transport address.target-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host’s IP address.target-host-port—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host’s IP address and port.Note:The target-host-port configuration is not supported for NAT64 when configured with IPv6 address.
Required Privilege Level
security—To view this statement
in the configuration.
security-control—To add this statement to the
configuration
Release Information
Statement introduced in Junos OS Release 9.6. Support.