Configuring Secured Port Block Allocation

To configure secured port block allocation:

  1. At the [edit services nat pool poolname] hierarchy level, create a pool.
    user@host# edit services nat pool poolname

    For example:

    user@host# edit services nat pool pba-pool1
  2. Define the range of addresses to be translated, specifying the upper and lower limits of the range or an address prefix that describes the range.
    [edit services nat pool pba-pool1]
    user@host# set address-range low address high address

    Or

    user@host# set address address-prefix

    For example:

    [edit services nat pool pba-pool1]
    user@host# set address 203.0.113.0/24
  3. Define the range of ports to be used in the translation, or use automatic port assignment by the Junos OS. You can optionally specify random assignment of ports (sequential assignment is the default).
    [edit services nat pool pba-pool1]
    user@host# set port range low minimum-value high maximum-value random

    Or

    user@host# set port automatic random-allocation

    For example:

    [edit services nat pool pba-pool1]
    user@host# set port range low 256 high 511 random

    Or

    [edit services nat pool pba-pool1]
    user@host# set port automatic random-allocation

    Note: When you configure a port range, the range should be a multiple of the port block-size value (see Step 4). When the NAT pool port range is not a multiple of the port block-size value, the number of ports or port-blocks that are effectively available for use is less than the configured number of ports and port-blocks. The port block allocation mechanism uses ports in the range 0 through 1023 of a NAT address.

    When you configure automatic assignment of ports, the available port range for allocation is 1024 through 65535. Automatic allocation can result in no ports being available for use. Use the show services nat pool command on the Routing Engine after you configure the port block allocation method to determine the number of ports and port blocks available for allocation to users.

  4. Configure secured port block allocation. Specify active-block-timeout, block-size, and max-blocks-per-address, or accept the default values for those options.
    [edit services nat pool pba-pool1]
    user@host# set secured-port-block-allocation active-block-timeout active-block-timeout block-size block-size max-blocks-per-address max-blocks-per-address

    For example:

    [edit services nat pool pba-pool1]
    user@host# set secured-port-block-allocation active-block-timeout 120 block-size 256 max-blocks-per-address 12

Note: For secured-port-block-allocation configuration changes to take effect, you must reboot the services PIC whenever you change any of the following NAT pool options:

  • address or address-range
  • port range
  • port secured-port-block-allocation block-size
  • port secured-port-block-allocation max-blocks-per-address
  • port secured-port-block-allocation active-block-timeout
  • from hierarchy in the NAT rule
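
The following is an added example, not Juniper code: a pre-commit sanity check for the alignment rule in the Step 3 note, which reads the pool's set commands and reports how many port blocks are usable and how many ports are lost when the port range is not a multiple of block-size. The function name pba_capacity is hypothetical; it assumes that every address in the pool prefix or range is used for translation and that block-size is set explicitly.

```python
import ipaddress
import re

AUTO_PORTS = (1024, 65535)  # automatic-assignment range stated on this page

def pba_capacity(set_lines):
    """Estimate usable port blocks from a pool's 'set' commands."""
    text = " ".join(set_lines)
    m = re.search(r"set port range low (\d+) high (\d+)", text)
    if m:
        low, high = int(m.group(1)), int(m.group(2))
    elif "set port automatic" in text:
        low, high = AUTO_PORTS
    else:
        raise ValueError("no 'port range' or 'port automatic' statement")
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port range {low}-{high}")
    m = re.search(r"\bblock-size (\d+)", text)
    if not m or int(m.group(1)) < 1:
        raise ValueError("set block-size explicitly; defaults are not modelled")
    block_size = int(m.group(1))

    # Assumption: every address in the prefix or range is used for translation.
    m = re.search(r"set address-range low (\S+) high (\S+)", text)
    if m:
        lo, hi = (int(ipaddress.ip_address(a)) for a in m.groups())
        addresses = hi - lo + 1
    else:
        m = re.search(r"set address (\S+)", text)
        if not m:
            raise ValueError("no address or address-range statement")
        addresses = ipaddress.ip_network(m.group(1), strict=False).num_addresses

    blocks, unused = divmod(high - low + 1, block_size)
    return {
        "blocks_per_address": blocks,
        "unused_ports_per_address": unused,  # lost when range % block-size != 0
        "total_blocks": blocks * addresses,
        "random": bool(re.search(r"\brandom\b", text)),  # False = sequential
    }

# Constructed input: the example values used in the steps above.
PAGE_EXAMPLE = [
    "set address 203.0.113.0/24",
    "set port range low 256 high 511 random",
    "set secured-port-block-allocation active-block-timeout 120 block-size 256 max-blocks-per-address 12",
]

print(pba_capacity(PAGE_EXAMPLE))
```

Treat the result as an estimate and compare it with the output of show services nat pool on the Routing Engine, which reports the ports and port blocks actually available.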

Published: 2012-11-28