Dynamic Address-Only Source Translation

Configuring Dynamic Address-Only Source Translation in IPv4 Networks

In IPv4 networks, dynamic address translation (dynamic NAT) is a mechanism to dynamically translate the destination traffic without port mapping. To use dynamic NAT, you must specify a source pool name, which includes an address configuration.

To configure dynamic NAT in IPv4 networks:

  1. In configuration mode, go to the [edit services] hierarchy level.
  2. Configure the service set and NAT rule.

    In the following example, the name of the service set is s1, and the name of the NAT rule is rule-dynamic-nat44.

  3. Go to the [interface-service] hierarchy level for the service set.
  4. Configure the service interface. 

    In the following example, the name of the service interface is ms-0/1/0.

    Note:

    If the service interface is not present in the router, or the specified interface is not functional, the following command can result in an error.

  5. Go to the [edit services nat] hierarchy level. Issue the following command from the top of the services hierarchy, or use the top keyword.
  6. Configure the NAT pool with an address.

    In the following example, the name of the pool is source-dynamic-pool, and the address is 10.10.10.0.

  7. Configure the rule, match direction, term, and source address. 

    In the following example, the name of the rule is rule-dynamic-nat44, the match direction is input, the name of the term is t1, and the source address is 3.1.1.0.

  8. Go to the [edit rule rule-dynamic-nat44 term t1] hierarchy level.
  9. Configure the source pool and the translation type.

    In the following example, the name of the source pool is source-dynamic-pool and the translation type is dynamic-nat44.

  10. Go to the [edit services adaptive-services-pics] hierarchy level. In the following command, the top keyword ensures that the command is run from the top of the hierarchy.
  11. Configure the trace options.

    In the following example, the tracing parameter is configured as all.

  12. Verify the configuration by using the show command at the [edit services] hierarchy level.
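
The twelve steps above, consolidated into one sequence of configuration-mode commands. This is an added example, not taken from the original page; it uses the names given in the steps (s1, rule-dynamic-nat44, ms-0/1/0, source-dynamic-pool, t1), and the /24 prefix lengths are assumptions because the page gives the addresses without a mask.

```junos
# Added example, not from the original page. Enter in configuration mode at [edit].
# Assumed: the /24 prefix lengths on the pool and source address.

# Steps 1-4: service set, its NAT rule, and the service interface.
# The ms- interface must exist and be functional, or the second command errors.
set services service-set s1 nat-rules rule-dynamic-nat44
set services service-set s1 interface-service service-interface ms-0/1/0

# Steps 5-6: address-only pool. No port statement is configured,
# so translation is address-to-address without port mapping.
set services nat pool source-dynamic-pool address 10.10.10.0/24

# Step 7: rule, match direction, term, and source address to match.
set services nat rule rule-dynamic-nat44 match-direction input
set services nat rule rule-dynamic-nat44 term t1 from source-address 3.1.1.0/24

# Steps 8-9: source pool and translation type for term t1.
set services nat rule rule-dynamic-nat44 term t1 then translated source-pool source-dynamic-pool
set services nat rule rule-dynamic-nat44 term t1 then translated translation-type dynamic-nat44

# Steps 10-11: trace options for the adaptive services PICs.
set services adaptive-services-pics traceoptions flag all

# Step 12: review the candidate configuration before committing.
show services
```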

The following example configures the translation type as dynamic-nat44.

The following configuration specifies that NAT is not performed on incoming traffic from the source address 192.168.20.24/32 by providing a NAT rule term t0 that configures no-translation. Dynamic NAT is performed on all other incoming traffic, as configured by term t1 of the NAT rule. The no-translation option is supported on MX Series routers with MS-DPCs and on M Series routers with MS-100, MS-400, and MS-500 MultiServices PICs. The no-translation option is supported on MX Series routers with MS-MPCs and MS-MICs starting in Junos OS release 15.1R1.

The following configuration performs NAT using the source prefix 20.20.10.0/24 without defining a pool.

The following configuration performs NAT using the destination prefix 20.20.10.0/32 without defining a pool.

Example: Dynamic Source NAT as a Next-Hop Service

The following example shows dynamic-source NAT applied as a next-hop service:

Example: Assigning Addresses from a Dynamic Pool for Static Use

The following configuration statically assigns a subset of addresses that are configured as part of a dynamic pool (dynamic-pool) to two separate static pools (static-pool and static-pool2).