close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Overview
- play_arrow Services Overview
  - Adaptive Services and Multiservices Interfaces Overview
  - Packet Flow Through the Adaptive Services or Multiservices PIC
- play_arrow Services Configuration Overview
play_arrow Network Address Translation
- play_arrow NAT Overview
- play_arrow Stateful NAT64
  - Stateful NAT64
- play_arrow Static Source NAT
  - Static Source NAT
- play_arrow Static Destination NAT
  - Static Destination NAT
- play_arrow Network Address Port Translation
  - Network Address Port Translation
- play_arrow Deterministic NAT
  - Deterministic NAT
- play_arrow NAT Protocol Translation
  - NAT Protocol Translation
  - Example: Configuring the DNS ALG Application on MX-SPC3 service card
- play_arrow IPv4 Connectivity Across IPv6-Only Network Using 464XLAT
  - IPv4 Connectivity Across IPv6-Only Network Using 464XLAT
- play_arrow Port Control Protocol
  - Port Control Protocol
- play_arrow Secured Port Block Allocation
  - Secured Port Block Allocation
  - Secured Port Block Allocation Interim Logging
- play_arrow Port Forwarding
  - Port Forwarding
- play_arrow Dynamic Address-Only Source Translation
  - Dynamic Address-Only Source Translation
- play_arrow Inline NAT
  - Inline NAT
- play_arrow Stateless Source Network Prefix Translation for IPv6
  - Stateless Source Network Prefix Translation for IPv6
- play_arrow Monitoring NAT
  - Monitoring NAT
- play_arrow Packet Translation and GRE Tunneling
  - Packet Translation and GRE Tunneling
play_arrow Transitioning to IPv6 Using MAP-E and MAP-T
- play_arrow Transitioning to IPv6 Using MAP-E and MAP-T
  - Mapping of Address and Port with Encapsulation (MAP-E)
  - Equal Cost Multiple Path (ECMP) support for Mapping of Address and Port with Encapsulation (MAP-E)
- Mapping of Address and Port with Translation (MAP-T)
play_arrow Transition to IPv6 With Softwires
- play_arrow Transition to IPv6 With 6to4 Softwires
  - Softwires Configuration Overview
  - 6to4 Softwires
- play_arrow Transition to IPv6 With DS-Lite Softwires
  - DS-Lite Softwires
- play_arrow Transition to IPv6 With 6rd Softwires
  - Configuring a 6rd Softwire
- play_arrow Transition to IPv6 With Inline Softwires
  - Inline 6rd and 6to4 Softwires
- play_arrow Monitoring and Troubleshooting Softwires
  - Monitoring and Troubleshooting Softwires
play_arrow ALGs
- play_arrow ALGs
  - ALG Overview
  - ALG Applications
play_arrow Access Security
- play_arrow Stateful Firewalls
  - Stateful Firewalls
  - Monitoring Stateful Firewalls
- play_arrow IDS on MS-DPC
  - IDS on MS-DPC
- play_arrow Network Attack Protection on MS-MPC and MS-MIC
  - Network Attack Protection on MS-MPC and MS-MIC
play_arrow IPsec Tunnels
- play_arrow IPsec Overview
  - IPsec Overview
- play_arrow Inline IPsec
  - Inline IPsec
- play_arrow IPsec Tunnels With Static Endpoints
- play_arrow IPsec Tunnels With Dynamic Endpoints
  - IPsec Tunnels With Dynamic Endpoints
- - Inline IPsec
play_arrow CoS on Services Cards
- play_arrow CoS on Services Cards
  - Class of Service on Services Interfaces
- play_arrow Class of Service on Link Services Interfaces
  - Class of Service on Link Services Interfaces
play_arrow Inter-Chassis Redundancy for NAT and Stateful Firewall Flows
- play_arrow Configuring Inter-Chassis MS-MPC and MS-MIC for NAT and Stateful Firewall (Release 16.1 and later)
  - Inter-Chassis Stateful Synchronization for Long Lived NAT and Stateful Firewall Flows (MS-MPC, MS-MIC) (Release 16.1 and later)
  - Service Redundancy Daemon
- play_arrow Configuring Inter-Chassis Stateful Synchronization for NAT and Stateful Firewall (Release 15.1 and earlier)
  - Inter-Chassis High Availability for MS-MIC and MS-MPC (Release 15.1 and earlier)
play_arrow Multilinks
- play_arrow Link Services Interface Redundancy
  - Link Services Interface Redundancy
- play_arrow Link Bundling
  - Inline Multlink Services
play_arrow Traffic Load Balancer
- play_arrow Traffic Load Balancer
  - Traffic Load Balancer
play_arrow Services Card Redundancy
- play_arrow Services Card Redundancy for MS-MPC and MS-MIC
  - Load Balancing and High Availability With Aggregated Multiservices Interfaces on MS-MPC and MS-MIC
- play_arrow Services Card Redundancy for Multiservices PIC
  - Configuring AS or Multiservices PIC Redundancy
play_arrow Voice Services
- play_arrow Voice Services
  - Voice Services
play_arrow Layer 2 PPP Tunnels
- play_arrow Layer 2 Tunneling of PPP Packets
  - Layer 2 Tunneling of PPP Packets
play_arrow URL Filtering
- play_arrow URL Filtering
  - URL Filtering
play_arrow Configuration Statements and Operational Commands
- [OBSOLETE] unidirectional-session-refreshing
- Junos CLI Reference Overview

list Table of Contents

English

keyboard_arrow_right

Static Destination NAT

date_range 24-Nov-23

arrow_backward

arrow_forward

Configuring Static Destination Address Translation in IPv4 Networks

To use destination address translation, the size of the pool address space must be greater than or equal to the destination address space. You must specify a name for the destination-pool statement, which can contain multiple addresses, ranges, or prefixes, as long as the number of NAT addresses in the pool is larger than the number of destination addresses in the from statement.

To configure destination address translation in IPv4 networks:

In configuration mode, go to the [edit services] hierarchy level.
```
[edit]
user@host# edit services
```
Configure the service set and the NAT rule.
```
[edit services]
user@host# set service-set service-set-name nat-rules rule-name
```
In the following example, the name of the service set is s1 and the name of the NAT rule is rule-dnat44.
```
[edit services]
user@host# set service-set s1 nat-rules rule-dnat44
```
Go to the [interface-service] hierarchy level of the service set.
```
[edit services]
user@host# edit service-set s1 interface-service
```
Configure the service interface.
```
 [edit services service-set s1  interface-service]
user@host# set service-interface service-interface-name
```
In the following example, the name of the service interface is ms-0/1/0.

Note:
If the service interface is not present in the router, or the specified interface is not functional, the following command can result in an error.
```
 [edit services service-set s1  interface-service]
user@host# set service-interface ms-0/1/0
```
Go to the [edit services nat] hierarchy level. Issue the following command from the top of the services hierarchy, or use the top keyword.
```
 [edit services service-set s1]
user@host# top editservices nat
```
Configure the NAT pool with an address.
```
 [edit services nat]
user@host# set pool pool-name address address
```
In the following example, dest-pool is used as the pool name and 4.1.1.2 as the address.
```
user@host# set pool dest-pool address 4.1.1.2
```

Configure the rule, match direction, term, and destination address.

content_copy zoom_out_map
[edit services nat]
user@host# set rule rule-name match-direction match-direction term term-name from destination-address  address

In the following example, the name of the rule is rule-dnat44, the match direction is input, the name of the term is t1, and the address is 20.20.20.20.

content_copy zoom_out_map
[edit services nat]
user@host# set rule rule-dnat44 match-direction  input term t1 from destination-address 20.20.20.20

Go to the [edit services nat rule rule-dnat44 term t1] hierarchy level.
```
[edit services nat]
user@host# edit rule rule-dnat44 term t1
```

Configure the destination pool and the translation type.

content_copy zoom_out_map
[edit services nat rule rule-dnat44 term t1]
user@host# set then translated destination-pool dest-pool-name translation-type translation-type

In the following example, the destination pool name is dest-pool, and the translation type is dnat-44.

content_copy zoom_out_map
[edit services nat rule rule-dnat44 term t1]
user@host# set then translated destination-pool  dest-pool translation-type dnat-44 

Go to the [edit services adaptive-services-pics] hierarchy level. In the following command, the top keyword ensures that the command is run from the top of the hierarchy.
```
[edit services nat rule rule-dnat44 term t1] 
user@host# top edit services adaptive-services-pics
```

Configure the trace options.

content_copy zoom_out_map
[edit services adaptive-services-pics]
user@host# set traceoptions flag tracing parameter

In the following example, the tracing parameter is configured as all.

content_copy zoom_out_map
[edit services adaptive-services-pics]
user@host# set traceoptions flag all

Verify the configuration by using the show command at the [edit services] hierarchy level.

content_copy zoom_out_map
[edit services]
user@host# show 
service-set s1 {
    nat-rules rule-dnat44;
    interface-service {
        service-interface ms-0/1/0;
    }
}
 nat {
    pool dest-pool {
        address 4.1.1.2/32;
    }
    rule rule-dnat44 {
        match-direction input;
        term t1 {
            from {
                destination-address {
                    20.20.20.20/32;
                }
            }
            then {
                translated {
                    destination-pool dest-pool;
                    translation-type {
                        dnat-44;
                    }
                }
            }
        }
    }
}
  adaptive-services-pics {
    traceoptions {
        flag all;
    }
  }

The following example configures the translation type as dnat-44.

content_copy zoom_out_map
[edit services]
user@host# show 
service-set s1 {
    nat-rules rule-dnat44;
    interface-service {
        service-interface ms-0/1/0;
    }
}
 nat {
    pool dest-pool {
        address 4.1.1.2/32;
    }
    rule rule-dnat44 {
        match-direction input;
        term t1 {
            from {
                destination-address {
                    20.20.20.20/32;
                }
            }
            then {
                translated {
                    destination-pool dest-pool;
                    translation-type {
                        dnat-44;
                    }
                }
            }
        }
    }
}
  adaptive-services-pics {
    traceoptions {
        flag all;
    }
  }

In the following configuration, term1 configures source address translation for traffic from any private address to any public address. The translation is applied for all services. term2 performs destination address translation for Hypertext Transfer Protocol (HTTP) traffic from any public address to the server’s virtual IP address. The virtual server IP address is translated to an internal IP address.

[edit services nat]
rule my-nat-rule {
    match-direction input;
    term my-term1 {
        from {
            source-address private;
            destination-address public;
        }
        then {
            translated {
                source-pool my-pool; # pick address from a pool
                translation-type napt-44; # dynamic NAT with port translation
            }
        }
    }
    }
    rule my-nat-rule2 {
    match-direction input;
    term my-term2 {
        from {
            destination-address 192.168.137.3; # my server’s virtual address
            application http;
        }
        then {
            translated {
                destination-pool nat-pool-name;
                translation-type dnat-44; # static destination NAT
            }
        }
    }
}
}

The following configuration performs NAT using the destination prefix 20.20.10.0/32 without defining a pool.

content_copy zoom_out_map
[edit services nat]
rule src-nat {
    match-direction input;
    term t1 {
        from {
            destination-address 10.10.10.10/32;
            then {
                translation-type dnat44;
                destination-prefix 20.20.10.0/24;
            }
        }
    }
}

arrow_backward PREVIOUS Static Source NAT

NEXT arrow_forward Network Address Port Translation

Adaptive Services Interfaces User Guide for Routing Devices

Static Destination NAT

Configuring Static Destination Address Translation in IPv4 Networks

Stay in touch

Helped me install or use the product
Accelerated my deployment

Discuss the product with a co-worker
Make a purchase inquiry

Adaptive Services Interfaces User Guide for Routing Devices

Static Destination NAT

Configuring Static Destination Address Translation in IPv4 Networks

See Also

Stay in touch