See the following sections:
    nat {
        destination {
            pool pool-name {
                address <ip-address> (to ip-address | port port-number);
                routing-instance routing-instance-name;
            }
            rule-set rule-set-name {
                from interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];
                rule rule-name {
                    match {
                        destination-address destination-address;
                        destination-port port-number;
                        source-address [source-address];
                    }
                    then {
                        destination-nat (off | pool pool-name);
                    }
                }
            }
        }
        proxy-arp {
            interface interface-name {
                address ip-address to ip-address;
            }
        }
        source {
            address-persistent;
            pool pool-name {
                address ip-address to ip-address;
                host-address-base ip-address;
                overflow-pool (interface | pool-name);
                port no-translation | range high ip-address low ip-address;
                routing-instance routing-instance-name;
            }
            pool-utilization-alarm {
                clear-threshold threshold-value;
                raise-threshold threshold-value;
            }
            rule-set rule-set-name {
                from interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];
                rule rule-name {
                    match {
                        destination-address [destination-address];
                        source-address [source-address];
                    }
                    then {
                        source-nat (off | interface | pool pool-name);
                    }
                }
                to interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];
            }
        }
        static {
            rule-set rule-set-name {
                from interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];
                rule rule-name {
                    match {
                        destination-address [destination-address];
                    }
                    then {
                        static-nat prefix <addr-prefix> <routing-instance routing-instance-name>;
                    }
                }
            }
        }
        traceoptions {
            file filename {
                <files number>;
                <match regular-expression>;
                <size maximum-file-size>;
                <world-readable | no-world-readable>;
            }
            flag {
                all;
                destination-nat-pfe;
                destination-nat-re;
                destination-nat-rt;
                source-nat-pfe;
                source-nat-re;
                source-nat-rt;
                static-nat-pfe;
                static-nat-re;
                static-nat-rt;
            }
            no-remote-trace;
        }
    }

[edit security]
Statement modified in Release 9.3 of JUNOS software.
Configure Network Address Translation (NAT) for the services gateway.
This statement is supported on SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
    nat {
        destination-nat destination-nat-name {
            address prefix <port port-number>;
            address-range high ip-address low ip-address;
        }
        interface interface-name {
            allow-incoming;
            proxy-arp {
                address prefix;
                address-range high ip-address low ip-address;
            }
            source-nat {
                pool pool-name {
                    address prefix;
                    address-range high ip-address low ip-address;
                    allow-incoming;
                    host-address-low ip-address;
                    no-port-translation;
                    overflow-pool (interface | pool-name);
                }
            }
            static-nat ip-prefix {
                host ip-prefix;
                virtual-router vr-name;
            }
        }
        source-nat {
            address-persistent;
            pool-set pool-set-name {
                pool pool-name;
            }
            pool-utilization-alarm {
                clear-threshold clear-threshold;
                raise-threshold raise-threshold;
            }
        }
        traceoptions {
            file filename {
                <files number>;
                <match regular-expression>;
                <size maximum-file-size>;
                <world-readable | no-world-readable>;
            }
            flag {
                all;
                configuration;
                flow;
                routing-protocol;
                routing-socket;
            }
        }
    }

[edit security]
Statement introduced in Release 8.5 of JUNOS software.
Configure Network Address Translation (NAT) for the Services Router.
This statement is supported on J-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.