Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: NAT 44 CGN Configurations

This example describes how to implement several NAT configurations.

Hardware and Software Requirements

This example requires the following hardware:

  • An MX Series 3D Universal Edge router with a Services DPC or an M Series Multiservice Edge router with a services PIC
  • A domain name server (DNS)

This example uses the following software:

  • Junos OS Release 11.4 or higher

Overview

This example shows a complete CGN NAT44 configuration and advanced options.

Basic NAT44 Configuration

CLI Quick Configuration

Chassis Configuration

Step-by-Step Procedure

To configure the service PIC (FPC 5 Slot 0) with the Layer 3 service package:

  1. Go to the [{edit chassis] hierarchy level.
    user@host# edit chassis
  2. Configure the Layer 3 service package.
    [edit chassis]user@host# set fpc 5 pic 0 adaptive-services service-package layer-3

Configuring the Interfaces

Step-by-Step Procedure

To configure interfaces to the private network and the public Internet:

  1. Define the interface to the private network.
    user@host# edit interfaces ge-1/3/5[edit interfaces ge-1/3/5]user@host# set description “Private”user@host# edit unit 0 family inet[edit interfaces ge-1/3/5 unit 0 family inet]user@host# set service input service-set ss2user@host# set service output service-set ss2user@host# set address 9.0.0.1/24
  2. Define the interface to the public Internet.
    user@host# edit interfaces ge-1/3/6[edit interfaces ge-1/3/6]user@host# set description “Public”user@host# set unit 0 family inet address 128.0.0.1/24
  3. Define the service interface for NAT processing.
    user@host# edit interfaces sp-5/0/0[edit interfaces sp-5/0/0]user@host# set unit 0 family inet

Results

user@host# show interfaces ge-1/3/5
description Private;
unit 0 {
    family inet {
        service {
            input {
                 service-set sset2;
            }
            output {
                service-set sset2;
            }
        }
        address 9.0.0.1/24;
    }
}
}
user@host# show interfaces ge-1/3/6
description Public:;
unit 0 {
    family inet {
        address 128.0.0.1/24;
    }
}
user@host# show interfaces sp-5/0/0
unit 0 {
family inet;
}

Configuring NAT with Port Translation

Step-by-Step Procedure

To configure source-only dynamic NAT with port translation:

  1. Configure the NAT pool.
    user@host# edit services nat[edit services nat]user@host# set pool p1 address 129.0.0.0/24user@host# set pool p1 port automatic random-allocation
  2. Configure the NAT rule.
    [edit services nat]
    host# edit rule r1
    host# set match-direction input
    host# set term t1 from source-address 10.0.0.0/16
    host# set term t1 from source-address 10.1.0.0/16
    host# set term t1 then translated source-pool p1 translation-type dynamic-nat44

Results

user@host# show services nat
pool p1 {
    address 129.0.0.0/24;
}
rule r1 {
    match-direction input;
    term t1 {
        from {
            source-address {
                10.0.0.0/16;
                10.1.0.0/16;
            }
        }
        then {
            translated {
                source-pool p1;
                translation-type {
                    dynamic-nat44;
                }
            }
        }
    }
}

Configuring the Service Set

Step-by-Step Procedure

To configure the service set:

  1. Configure a service set.
    user@host# edit services service-set ss2
  2. Specify the NAT rule to be used.
    [edit services service-set ss2]host# set nat-rules r1
  3. Specify the interface service.
    [edit services service-set ss2]host# set interface-service service-interface sp-5/0/0

Results

user@host# show services service-sets sset2
nat-rules r1;
interface-service {
    service-interface sp-5/0/0;
}

Published: 2012-11-28

Published: 2012-11-28

Previous Page Next Page