source (Security Source NAT)
Syntax
source {
    address-persistent;
    interface (port-overloading off | port-overloading-factor number | enhanced-port-overloading-algorithm);
    pool pool-name {
        address ip-address {
            to ip-address;
        }
        address-persistent subscriber ipv6-prefix-length prefix-length;
        address-pooling (paired | no-paired);
        address-shared;
        description text;
        host-address-base ip-address;
        overflow-pool (interface | pool-name);
        pool-utilization-alarm (clear-threshold value | raise-threshold value);
        port {
            block-allocation {
                active-block-timeout timeout-interval;
                block-size block-size;
                interim-logging-interval timeout-interval;
                last-block-recycle-timeout timeout-interval;
                log disable;
                maximum-blocks-per-host maximum-block-number;
            }
            deterministic {
                block-size block-size;
                host {
                    address ip-address;
                    address-name address-name;
                }
            }
            no-translation;
            port-overloading-factor number;
            range {
                port-low <to port-high>;
                to port-high;
                twin-port port-low <to port-high>;
            }
        }
        routing-instance routing-instance-name;
    }
    pool-default-port-range lower-port-range to upper-port-range;
    pool-default-twin-port-range lower-port-range to upper-port-range;
    pool-utilization-alarm (clear-threshold value | raise-threshold value);
    port-randomization disable;
    port-round-robin disable;
    port-scaling-enlargement;
    rule-set rule-set-name {
        description text;
        from {
            interface [interface-name];
            routing-instance [routing-instance-name];
            zone [zone-name];
        }
        rule rule-name {
            description text;
            match {
                application {
                    [application];
                    any;
                }
                (destination-address <ip-address> | destination-address-name <address-name>);
                destination-port (port-or-low <to high>);
                protocol [protocol-name-or-number];
                source-address [ip-address];
                source-address-name [address-name];
                source-port (port-or-low <to high>);
            }
            then {
                source-nat {
                    interface {
                        persistent-nat {
                            address-mapping;
                            inactivity-timeout seconds;
                            max-session-number value;
                            permit (any-remote-host | target-host | target-host-port);
                        }
                    }
                    off;
                    pool <pool-name> {
                        persistent-nat {
                            address-mapping;
                            inactivity-timeout seconds;
                            max-session-number number;
                            permit (any-remote-host | target-host | target-host-port);
                        }
                    }
                    rule-session-count-alarm (clear-threshold value | raise-threshold value);
                }
            }
        }
        to {
            interface [interface-name];
            routing-instance [routing-instance-name];
            zone [zone-name];
        }
    }
}
Hierarchy Level
[edit security nat source pool pool-name port]
Description
Configure source NAT, which allows you to do the following:
- Translate source IP address or addresses to the egress interface's IP address.
- Translate a range of source IP addresses to another range of IP addresses. This mapping is dynamic and without PAT.
- Translate a range of source IP addresses to another range of IP addresses. This mapping is dynamic and with PAT.
- Translate a range of source IP addresses to another range of IP addresses. This mapping is one-to-one, static, and without PAT.
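The four cases listed above, written as Junos set commands. This is an added example, not part of the original page. The pool names, rule names, zone names (trust, untrust) and all addresses are constructed for illustration; the statements used are those shown under Syntax.

```junos
# Pool with PAT (the default for a source pool): dynamic address and port mapping
set security nat source pool pat-pool address 203.0.113.1/32 to 203.0.113.4/32

# Pool without PAT: dynamic address mapping, source ports left unchanged
set security nat source pool nopat-pool address 203.0.113.16/32 to 203.0.113.31/32
set security nat source pool nopat-pool port no-translation

# Address shifting: one-to-one, static, without PAT.
# host-address-base is the internal address that maps to the first pool address.
set security nat source pool shift-pool address 203.0.113.64/32 to 203.0.113.127/32
set security nat source pool shift-pool host-address-base 10.1.3.64/32

# One rule set for traffic from zone trust to zone untrust
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust

# 10.1.3.64/26 (64 hosts) shifts onto the 64 addresses of shift-pool
set security nat source rule-set trust-to-untrust rule r-shift match source-address 10.1.3.64/26
set security nat source rule-set trust-to-untrust rule r-shift then source-nat pool shift-pool

# 10.1.2.0/28 draws addresses from nopat-pool, ports untouched
set security nat source rule-set trust-to-untrust rule r-nopat match source-address 10.1.2.0/28
set security nat source rule-set trust-to-untrust rule r-nopat then source-nat pool nopat-pool

# 10.1.1.0/24 shares the four addresses of pat-pool through port translation
set security nat source rule-set trust-to-untrust rule r-pat match source-address 10.1.1.0/24
set security nat source rule-set trust-to-untrust rule r-pat then source-nat pool pat-pool

# Everything else is translated to the egress interface's IP address
set security nat source rule-set trust-to-untrust rule r-egress match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule r-egress then source-nat interface
```

Rules in a rule set are evaluated in order, so the catch-all interface rule is placed last.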
Options
enhanced-port-overloading-algorithm
    The hash algorithm uses the destination IP address and port to calculate the port overloading index.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 9.6. The description option added in Junos OS Release 12.1. Statement modified in Junos OS Release 12.1X45-D10. Statement modified in Junos OS Release 12.1X47-D10. Statement modified in Junos OS Release 12.3X48-D10. Statement modified in Junos OS Release 15.1X49-D60.
The enhanced-port-overloading-algorithm option added in Junos OS Release 22.4R1.