- play_arrow Overview
- play_arrow Next Gen Services Overview
- play_arrow Configuration Overview
- Configuration Differences Between Adaptive Services and Next Gen Services on the MX-SPC3
- Next Gen Services Feature Configuration Overview
- How to Configure Services Interfaces for Next Gen Services
- How to Configure Interface-Style Service Sets for Next Gen Services
- How to Configure Next-Hop Style Service Sets for Next Gen Services
- How to Configure Service Set Limits for Next Gen Services
- Example: Next Gen Services Inter-Chassis Stateful High Availability for NAT and Stateful Firewall (MX-SPC3)
- Example: Configuring AutoVPN with Pre-Shared Key
- Enabling and Disabling Next Gen Services
- play_arrow Global System Logging Overview and Configuration
- Understanding Next Gen Services CGNAT Global System Logging
- Enabling Global System Logging for Next Gen Services
- Configuring Local System Logging for Next Gen Services
- Configuring System Logging to One or More Remote Servers for Next Gen Services
- System Log Error Messages for Next Gen Services
- Configuring Syslog Events for NAT Rule Conditions with Next Gen Services
- play_arrow Next Gen Services SNMP MIBS and Traps
-
- play_arrow Stateful Firewall Services
- play_arrow Stateful Firewall Services Overview and Configuration
-
- play_arrow Intrusion Detection Services
- play_arrow IDS Screens for Network Attack Protection Overview and Configuration
-
- play_arrow Traffic Load Balancing
- play_arrow Traffic Load Balancing Overview and Configuration
-
- play_arrow DNS Request Filtering
- play_arrow DNS Request Filtering Overview and Configuration
-
- play_arrow URL Filtering
- play_arrow URL Filtering
-
- play_arrow Integration of Juniper ATP Cloud and Web filtering on MX Routers
- play_arrow Integration of Juniper ATP Cloud and Web filtering on MX Routers
-
- play_arrow Aggregated Multiservices Interfaces
- play_arrow Enabling Load Balancing and High Availability Using Multiservices Interfaces
-
- play_arrow Inter-Chassis Services PIC High Availability
- play_arrow Inter-Chassis Services PIC High Availability Overview and Configuration
- Next Gen Services Inter-chassis High Availability Overview for NAT, Stateful Firewall, and IDS Flows
- Inter-Chassis Stateful Synchronization for Long Lived NAT, Stateful Firewall, and IDS Flows for Next Gen Services
- Inter-Chassis Services Redundancy Overview for Next Gen Services
- Configuring Inter-Chassis Services Redundancy for Next Gen Services
-
- play_arrow Application Layer Gateways
- play_arrow Enabling Traffic to Pass Securely Using Application Layer Gateways
-
- play_arrow NAT, Stateful Firewall, and IDS Flows
- play_arrow Inline NAT Services Overview and Configuration
-
- play_arrow Configuration Statements
NAT46 Next Gen Services Configuration Examples
Staring in Junos OS Release 20.2R1 you can run NAT46 Next Gen Services.
Starting in Junos OS Release 20.2R1, Network Address Translation and Protocol Translation (NAT-PT) [RFC2766] are supported for CGNAT Next Gen Services. NAT46 is a IPv4-to-IPv6 transition mechanism that provides a way for end-nodes in IPv6 realm to communicate with end-nodes in IPv4 realm and vice versa. This is achieved using a combination of Network Address Translation and Protocol Translation.
NAT46 is supported on both the SRX and on MX240, MX480, and MX960 for CGNAT Next Gen Services. This topic provides example configurations to help you understand how to configure NAT46 CGNAT Next Gen Services on these MX Series routers.
These examples are for SRX Series Firewalls. However, you can use these same examples
to configure NAT46 Next Gen Services on MX Series devices. Use the configuration
statements under the [edit services....] hierarchy on MX Series
devices to configure NAT46 Next Gen Services.
You can find these examples here: IPv6 NAT
There are four examples available:
Configuring an IPv4-Initiated Connection to an IPv6 Node Using Default Destination Address Prefix Static Mapping — This example shows how to configure an IPv4-initiated connection to an IPv6 node using default destination address prefix static mapping.
Configuring an IPv4-Initiated Connection to an IPv6 Node Using Static Destination Address One-to-One Mapping — This example shows how to configure an IPv4-initiated connection to an IPv6 node using static destination address one-to-one mapping.
Configuring an IPv6-Initiated Connection to an IPv4 Node Using Default Destination Address Prefix Static Mapping — This example shows how to configure an IPv6-initiated connection to an IPv4 node using default destination address prefix static mapping. This example does not show how to configure the NAT translation for the reverse direction.
Configuring an IPv6-Initiated Connection to an IPv4 Node Using Static Destination Address One-to-One Mapping — This example shows how to configure an IPv6-initiated connection to an IPv4 node using static destination address one-to-one mapping.
NAT46 Support Summary
NAT46 for Next Gen Services supports the following:
ICMP, TCP, and UDP protocol packets.
Static mapping is used to communicate between the IPv4 to IPv6 side of the subscriber connection.
Bi-directional traffic flow is supported if you have other ways to convey the mapping between the IPv6 address and the dynamically allocated IPv4 address.
NAT46 supports DNS, ICMP , nd FTP ALGs.
Keep these things in mind when configuring NAT46 for Next Gen Services:
No support of NAT64 feature described in NAT-PT (RFC 2765).
Static NAT is not used for the source translation in any NAT scenario.
Except DNS, FTP and ICMP, other ALGs are not supported for NAT46.
AMS functionality is not supported for NAT46.
Port translation is not tested with Source Address NAT (when source pool is a IPv6 prefix) for the NAT46 feature.
NAT46 Sample Configuration
This sample configuration applies for MX Series devices:
services {
nat {
source {
pool ipv6_prefix {
address 27a6::/96;
}
rule-set myipv6_rs {
rule ipv6_rule {
match {
source-address 10.1.1.1/30 ;
destination-address 27a6::a0a:a2d/126;
}
then {
source-nat {
pool {
ipv6_prefix;
}
}
}
}
match-direction input;
}
}
static {
rule-set test_rs {
rule test_rule {
match {
destination-address ip-address;
}
then {
static-nat {
prefix ip-address;
}
}
}
.....match-direction input;
}
}
}
service-set sset1 {
...
nat-rule-sets test_rs;
nat-rule-sets myipv6_rs;
...
}
}
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
