Understanding NAT for SRX Series

Network Address Translation (NAT) is a method for modifying or translating network address information in packet headers. The source address, the destination address, or both addresses in a packet can be translated. NAT can include the translation of IP addresses as well as port numbers.

The following types of NAT are supported on SRX Series devices:

  • Static NAT—Static NAT defines a one-to-one mapping from one IP subnet to another IP subnet. The mapping includes destination IP address translation in one direction and source IP address translation in the reverse direction.

    Static NAT allows connections to be originated from either side of the network, but translation is limited to one-to-one or between blocks of addresses of the same size.

  • Destination NAT—Destination NAT is the translation of the destination IP address of a packet entering the SRX Series. Destination NAT is used to redirect traffic destined to a virtual host (identified by the original destination IP address) to the real host (identified by the translated destination IP address).

    In general, destination NAT allows connections to be initiated for incoming network connections—for example, from the Internet to a private network.

  • Source NAT—Source NAT is the translation of the source IP address of a packet leaving the SRX Series. Source NAT is used to allow hosts with private IP addresses to access a public network. On the SRX210, source NAT from the trust to the untrust zone is enabled by default.

    In general, source NAT allows connections to be initiated for outgoing network connections—for example, from a private network to the Internet.
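The three NAT types above, sketched as Junos set commands. This is an added example, not configuration from the original page. The zone names follow the trust/untrust convention used above; the rule-set, rule and pool names and all addresses (RFC 5737 and RFC 1918 ranges) are constructed placeholders.

```junos
# Source NAT: hosts in the trust zone leave with the egress interface
# address as their source (outgoing connections only).
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule src-all match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule src-all then source-nat interface

# Destination NAT: traffic sent to the virtual host 203.0.113.10 is
# redirected to the real host 192.168.1.10 (incoming connections only).
set security nat destination pool web-real address 192.168.1.10/32
set security nat destination rule-set from-untrust from zone untrust
set security nat destination rule-set from-untrust rule web-vip match destination-address 203.0.113.10/32
set security nat destination rule-set from-untrust rule web-vip then destination-nat pool web-real

# Static NAT: one-to-one mapping between two blocks of the same size (/28 to /28).
# The destination is translated inbound and the source is translated on the
# reverse path, so either side can originate the connection.
set security nat static rule-set static-untrust from zone untrust
set security nat static rule-set static-untrust rule block-map match destination-address 203.0.113.32/28
set security nat static rule-set static-untrust rule block-map then static-nat prefix 192.168.2.32/28

# NAT rules only rewrite addresses; a security policy must still permit the flow.
# Static and destination NAT are applied before the policy lookup, so the
# permitting policy matches the translated (real) destination address.
```

Because static and destination NAT expose internal hosts to inbound connections, keep the matching security policies as narrow as the service requires, and review the result with `show security nat source rule all`, `show security nat destination rule all` and `show security nat static rule all`.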

For more details, see Network Address Translation Feature Guide for Security Devices.

Published: 2014-04-24