[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Working with IP Addressing and NAT Services

You can configure NAT addressing and services from Enterprise Manager Portal. For information about NAT services and policies, see Chapter 17, Reviewing and Configuring Policies and Services for Enterprise Manager Portal.

Requesting Public IP Addresses for NAT Services

To request one or more IP addresses:

  1. In the navigation pane of Enterprise Manager Portal, click the access to which you want to request an IP address.
  2. Click the Addresses tab.

The Addresses page appears.


Figure 41: Addresses Page Before Requesting Addresses
  1. In the Number of Addresses field, enter the number of addresses that you want.
  2. (Optional) If you specify multiple IP addresses and you want the addresses to be sequential, select Contiguous.
  3. Click Request.

Enterprise Manager Portal sends a request to the service provider for the IP addresses and displays the number of outstanding requests. When the service provider allocates the IP addresses, Enterprise Manager Portal displays the public IP addresses assigned to this access and makes the addresses visible in the menus on the NAT page for that access, as shown in Figure 42. If a request for an IP address is outstanding for a certain period of time, Enterprise Manager Portal automatically sends a reminder to the service provider.


Figure 42: Addresses Page After Requesting Addresses

Number of Addresses

Contiguous

Canceling Requests for Public IP Addresses

To cancel a request:

Returning Public IP Addresses to Service Providers

To return one or more IP addresses to the service provider:

  1. Start at the Addresses page for the subscriber (see Figure 42).
  2. In the Public IP Addresses table, click in the small box in the last column for each address that you want to return.

If an enabled NAT rule is using an address, the box for that address is dimmed, and you cannot release that address until you disable or delete the NAT rule listed in the Used By field.

  1. Click Release.

Applying NAT Rules to Traffic

After you protect an access with a firewall and have obtained one or more public IP addresses for the access, you can apply the following types of NAT rules to traffic on the access.

Also known as dynamic source NAT, this type of NAT allows computers with private IP addresses in a private network to share a small set of public IP addresses for outgoing connections. For example, employees in an enterprise can use these public IP address for browsing the Web. You can specify the source IP addresses and, optionally, the ports that the outgoing traffic will use.

Also known as static destination NAT, this type of NAT allows you to expose to the world a server, such as a Web server, that has a private IP address in your private network. You specify a public IP address, and incoming connections destined for that public IP address will be received by your server at its private IP address.

Also known as static source NAT, this type of NAT allows you to specify the public source IP to be used for specific outgoing traffic. To specify this type of NAT you must set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).

Enterprise Manager Portal ensures that the SAE activates a basic firewall service before it activates a NAT service.

To apply NAT rules to traffic on JUNOS routing platforms:

  1. In the navigation pane of Enterprise Manager Portal, click the access that connects to the router.
  2. Click the NAT tab.

The NAT page appears.


Figure 43: NAT Page
  1. See the following sections for information about configuring NAT for incoming and outgoing interfaces on the router.

Configuring Public IP Addresses for Outgoing Traffic

To configure public IP addresses for outgoing traffic:

  1. Locate the area called Public Addresses for Outgoing Traffic in the NAT page.
  2. Using the field descriptions below, specify how the router will apply the NAT rule to outgoing traffic.
  3. Select Enabled.
  4. Click Create.

Address Range

Port Range

Enabled

Configuring Public IP Addresses for Incoming Traffic

To configure public IP addresses for incoming traffic:

  1. Locate the area called Public Addresses for Incoming Traffic in the NAT page.
  2. Using the field descriptions below, specify how the router will apply the NAT rule to incoming traffic.
  3. Click Create.

Priority

Name

Public IP

Private IP

Application

Enabled

Configuring Fixed Public Addresses for Outgoing Traffic

To configure fixed public IP addresses for outgoing traffic:

  1. Set the portal configuration level to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).
  2. Locate the area called Fixed Public Addresses for Outgoing Traffic in the NAT page (see Figure 43).
  3. Click Create.

Modifying NAT Rules

To modify a NAT rule:

  1. Modify the entry in the appropriate table.
  2. Click Apply.

Deleting NAT Rules

To delete a public IP address for outgoing traffic, click delete for the address range in the Public Addresses for Outgoing Traffic table.


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]