close
keyboard_arrow_left
Table of Contents
- play_arrow Overview
- play_arrow Services Overview
- play_arrow Services Configuration Overview
-
- play_arrow Transitioning to IPv6 Using MAP-E and MAP-T
- play_arrow Transitioning to IPv6 Using MAP-E and MAP-T
- Mapping of Address and Port with Translation (MAP-T)
-
- play_arrow Transition to IPv6 With Softwires
- play_arrow Transition to IPv6 With 6to4 Softwires
- play_arrow Transition to IPv6 With DS-Lite Softwires
- play_arrow Transition to IPv6 With 6rd Softwires
- play_arrow Transition to IPv6 With Inline Softwires
- play_arrow Monitoring and Troubleshooting Softwires
-
- play_arrow ALGs
- play_arrow ALGs
-
- play_arrow Access Security
- play_arrow Stateful Firewalls
- play_arrow IDS on MS-DPC
- play_arrow Network Attack Protection on MS-MPC and MS-MIC
-
- play_arrow IPsec Tunnels
- play_arrow IPsec Overview
- play_arrow Inline IPsec
- play_arrow IPsec Tunnels With Static Endpoints
- play_arrow IPsec Tunnels With Dynamic Endpoints
-
- play_arrow CoS on Services Cards
- play_arrow CoS on Services Cards
- play_arrow Class of Service on Link Services Interfaces
-
- play_arrow Inter-Chassis Redundancy for NAT and Stateful Firewall Flows
- play_arrow Configuring Inter-Chassis MS-MPC and MS-MIC for NAT and Stateful Firewall (Release 16.1 and later)
- play_arrow Configuring Inter-Chassis Stateful Synchronization for NAT and Stateful Firewall (Release 15.1 and earlier)
-
- play_arrow Multilinks
- play_arrow Link Services Interface Redundancy
- play_arrow Link Bundling
-
- play_arrow Traffic Load Balancer
- play_arrow Traffic Load Balancer
-
- play_arrow Services Card Redundancy
- play_arrow Services Card Redundancy for MS-MPC and MS-MIC
- play_arrow Services Card Redundancy for Multiservices PIC
-
- play_arrow Voice Services
- play_arrow Voice Services
-
- play_arrow Layer 2 PPP Tunnels
- play_arrow Layer 2 Tunneling of PPP Packets
-
- play_arrow URL Filtering
- play_arrow URL Filtering
-
- play_arrow Configuration Statements and Operational Commands
list Table of Contents
ON THIS PAGE
Example: Configuring the DNS ALG Application on MX-SPC3 service card
date_range
24-Nov-23
This example shows how to configure the translation type as basic-nat-pt. You must configure the DNS ALG application, the NAT pools and rules, a service set with a service interface.
Requirements
This example uses the following hardware and software components:
- MX240, MX480, and MX960 with MX-SPC3
- Junos OS Release 21.1R1
Configuration
To configure the DNS ALG application on the MX-SPC3 service card, perform these tasks:
Set the application.
content_copy zoom_out_map[edit] user@host# set application application-name application-protocol protocol-name
Configuring service set.
content_copy zoom_out_map[edit] user@host# set services service-set ss1 syslog mode event
content_copy zoom_out_mapuser@host# set services service-set ss1 syslog mode event
3. Configure a service set using the NAT rule.
content_copy zoom_out_map[edit] user@host# set services service-set ss1 nat-rule-sets src_nat_rule_set1
content_copy zoom_out_mapuser@host# set services service-set ss1 nat-rule-sets dst_nat_rule_set1
content_copy zoom_out_mapuser@host# set services service-set ss1 interface-service service-interface vms-2/0/0.0
Specify NAT pool and rule information.
content_copy zoom_out_map[edit] user@host# set services nat source pool source_pool1 address 100.0.0.0/24
content_copy zoom_out_mapuser@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match source-address 2000::/64
content_copy zoom_out_mapuser@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match destination-address 0.0.0.0/0
content_copy zoom_out_mapuser@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 match application dns_alg
content_copy zoom_out_mapuser@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 then source-nat pool source_pool1
content_copy zoom_out_mapuser@host# set services nat source rule-set src_nat_rule_set1 rule source_nat_rule1 then syslog
content_copy zoom_out_mapuser@host# set services nat source rule-set src_nat_rule_set1 match-direction input
content_copy zoom_out_mapuser@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match source-address 2000::/64
content_copy zoom_out_mapuser@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match destination-address 6000::/96
content_copy zoom_out_mapuser@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 match application dns_alg
content_copy zoom_out_mapuser@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 then destination-nat destination-prefix 6000::/96
content_copy zoom_out_mapuser@host# set services nat destination rule-set dst_nat_rule_set1 rule dst_nat_rule1 then syslog
content_copy zoom_out_mapuser@host# set services nat destination rule-set dst_nat_rule_set1 match-direction input
Configure the interfaces.
content_copy zoom_out_map[edit] user@host# set interfaces vms-2/0/0 unit 0 family inet
content_copy zoom_out_mapuser@host# set interfaces vms-2/0/0 unit 0 family inet6
Result
content_copy zoom_out_map
[edit]
user@host# show services service-set ss1 {
syslog {
mode event;
local-category all;
}
nat-rule-sets src_nat_rule_set1;
nat-rule-sets dst_nat_rule_set1;
interface-service {
service-interface vms-2/0/0.0;
}
}
nat {
source {
pool source_pool1 {
address {
100.0.0.0/24;
}
}
rule-set src_nat_rule_set1 {
rule source_nat_rule1 {
match {
source-address 2000::/64;
destination-address 0.0.0.0/0;
application dns_alg;
}
then {
source-nat {
pool {
source_pool1;
}
}
syslog;
}
}
match-direction input;
}
}
destination {
rule-set dst_nat_rule_set1 {
rule dst_nat_rule1 {
match {
source-address 2000::/64;
destination-address 6000::/96;
application dns_alg
}
then {
destination-nat {
destination-prefix 6000::/96;
}
syslog;
}
}
match-direction input;
}
}
}
