Configuring Static Destination Address Translation in IPv4 Networks
In IPv4 networks, destination address translation is a mechanism used to implement address translation for destination traffic without port mapping. To use destination address translation, the size of the pool address space must be greater than or equal to the destination address space. You must specify a name for the destination-pool statement, which can contain multiple addresses, ranges, or prefixes, as long as the number of NAT addresses in the pool is larger than the number of destination addresses in the from statement.
To configure destination address translation in IPv4 networks:
- In configuration mode, go to the [edit services] hierarchy level.[edit]user@host# edit services
- Configure the service set and the NAT rule.[edit services]user@host# set service-set service-set-name nat-rules rule-name
In the following example, the name of the service set is s1 and the name of the NAT rule is rule-dnat44.
[edit services]user@host# set service-set s1 nat-rules rule-dnat44 - Go to the [interface-service] hierarchy level
of the service set.[edit services]user@host# edit service-set s1 interface-service
- Configure the service interface. [edit services service-set s1 interface-service]user@host# set service-interface service-interface-name
In the following example, the name of the service interface is ms-0/1/0.
Note: If the service interface is not present in the router, or the specified interface is not functional, the following command can result in an error.
[edit services service-set s1 interface-service]user@host# set service-interface ms-0/1/0 - Go to the [edit services nat] hierarchy level.
Issue the following command from the top of the services hierarchy,
or use the top keyword.[edit services service-set s1]user@host# top editservices nat
- Configure the NAT pool with an address. [edit services nat]user@host# set pool pool-name address address
In the following example, dest-pool is used as the pool name and 4.1.1.2 as the address.
user@host# set pool dest-pool address 4.1.1.2 - Configure the rule, match direction, term, and destination
address. [edit services nat]user@host# set rule rule-name match-direction match-direction term term-name from destination-address address
In the following example, the name of the rule is rule-dnat44, the match direction is input, the name of the term is t1, and the address is 20.20.20.20.
[edit services nat]user@host# set rule rule-dnat44 match-direction input term t1 from destination-address 20.20.20.20 - Go to the [edit services nat rule rule-dnat44 term t1] hierarchy level.[edit services nat]user@host# edit rule rule-dnat44 term t1
- Configure the destination pool and the translation type. [edit services nat rule rule-dnat44 term t1]user@host# set then translated destination-pool dest-pool-name translation-type translation-type
In the following example, the destination pool name is dest-pool, and the translation type is dnat-44.
[edit services nat rule rule-dnat44 term t1]user@host# set then translated destination-pool dest-pool translation-type dnat-44 - Go to the [edit services adaptive-services-pics] hierarchy level. In the following command, the top keyword
ensures that the command is run from the top of the hierarchy. [edit services nat rule rule-dnat44 term t1] user@host# top edit services adaptive-services-pics
- Configure the trace options.[edit services adaptive-services-pics]user@host# set traceoptions flag tracing parameter
In the following example, the tracing parameter is configured as all.
[edit services adaptive-services-pics]user@host# set traceoptions flag all - Verify the configuration by using the show command
at the [edit services] hierarchy level.
[edit services] user@host# show service-set s1 { nat-rules rule-dnat44; interface-service { service-interface ms-0/1/0; } } nat { pool dest-pool { address 4.1.1.2/32; } rule rule-dnat44 { match-direction input; term t1 { from { destination-address { 20.20.20.20/32; } } then { translated { destination-pool dest-pool; translation-type { dnat-44; } } } } } } adaptive-services-pics { traceoptions { flag all; } }
