Configuring Twice Static NAT44 for Next Gen Services
Configuring the Source and Destination Pools for Twice Static NAT44
To configure the source and destination pools for twice static NAT44:
- Create a source pool.
user@host# edit services nat source pool nat-pool-name
- Define the addresses or subnets to which source addresses
are translated.
[edit services nat source pool nat-pool-name] user@host# set address address-prefix
or
[edit services nat source pool nat-pool-name] user@host# set address address-prefix to address address-prefix
- Configure a one-to-one static shifting of a range of original
source addresses to the range of addresses in the source pool by specifying
the base address of the original source address range.
[edit services nat source pool nat-pool-name] user@host# set host-address-base ip-address
For example, if the host address base is 198.51.100.30 and the NAT pool uses the range 203.0.113.10 to 203.0.113.20, then 198.51.100.30 translates to 203.0.113.10, 198.51.100.31 translates to 203.0.113.11, and so on.
- Create a destination pool. Do not use the same name that
you used for the source pool.
user@host# edit services nat destination pool nat-pool-name
- Define the addresses or subnets to which destination addresses
are translated.
[edit services nat destination pool nat-pool-name] user@host# set address address-prefix
- To allow the IP addresses of a NAT pool to overlap with
IP addresses in pools used in other service sets, configure
allow-overlapping-pools.
[edit services nat] user@host# set allow-overlapping-pools
Configuring the NAT Rules for Twice Static NAT44
To configure the source and destination NAT rules for twice static NAT44:
- Configure the source NAT rule name.
[edit services nat source] user@host# set rule-set rule-set-name rule rule-name
- Specify the traffic direction to which the NAT rule set
applies.
[edit services nat source rule-set rule-set-name] user@host# set match-direction (in | out | in-out)
- Specify the addresses that are translated by the source
NAT rule.
To specify one address or prefix value:
[edit services nat source rule-set rule-set-name rule rule-name] user@host# set match source-address address
To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:
[edit services address-book global] user@host# set address address-name range-address lower-limit to upper-limit
[edit services nat source rule-set rule-set-name rule rule-name] user@host# set match source-address-name address-name
To specify any unicast address:
[edit services nat source rule-set rule-set-name rule rule-name] user@host# set match source-address any-unicast
- Specify one or more application protocols to which the
source NAT rule applies. The number of applications listed in the
rule must not exceed 3072.
[edit services nat source rule-set rule-set-name rule rule-name] user@host# set match application [application-name]
- Specify the source NAT pool that contains the addresses
for translated traffic.
[edit services nat source rule-set rule-set-name rule rule-name] user@host# set then source-nat pool nat-pool-name
- Configure the generation of a syslog when traffic matches
the NAT rule conditions.
[edit services nat source rule-set rule-set-name rule rule-name then] user@host# set syslog
- Configure the destination NAT rule name.
[edit services nat destination] user@host# set rule-set rule-set-name rule rule-name
- Specify the traffic direction to which the destination
NAT rule set applies.
[edit services nat destination rule-set rule-set-name] user@host# set match-direction (in | out | in-out)
- Specify the destination addresses of traffic that the
destination NAT rule applies to.
[edit services nat destination rule-set rule-set-name rule rule-name] user@host# set match destination-address address
To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:
[edit services address-book global] user@host# set address address-name range-address lower-limit to upper-limit
[edit services nat destination rule-set rule-set-name rule rule-name] user@host# set match destination-address-name address-name
To specify any unicast address:
[edit services nat destination rule-set rule-set-name rule rule-name] user@host# set match destination-address any-unicast
- Specify one or more application protocols to which the
destination NAT rule applies. The number of applications listed in
the rule must not exceed 3072.
[edit services nat destination rule-set rule-set-name rule rule-name] user@host# set match application [application-name]
- Specify the destination NAT pool that contains the destination
addresses for translated traffic.
[edit services nat destination rule-set rule-set-name rule rule-name] user@host# set then destination-nat pool nat-pool-name
- Configure the generation of a syslog when traffic matches
the destination NAT rule match conditions.
[edit services nat destination rule-set rule-set-name rule rule-name then] user@host# set syslog
Configuring the Service Set for Twice Static NAT44
To configure the service set for twice static NAT44:
- Define the service set.
[edit services] user@host# edit service-set service-set-name
- Configure either an interface service, which requires
a single service interface, or a next-hop service, which requires
an inside and outside service interface.
[edit services service-set service-set-name] user@host# set interface-service service-interface interface-name
or
[edit services service-set service-set-name] user@host# set next-hop-service inside-service-interface interface-name outside-service-interface interface-name
- Specify the NAT rule sets to be used with the service
set. Include the source NAT rule set and the destination NAT rule
set.
[edit services service-set service-set-name] user@host# set nat-rule-sets rule-set-name
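The following is an added example, not Juniper code or any part of this procedure: a constructed Python model of the translation the pools and rules above produce. The source side uses the page's own values (host-address-base 198.51.100.30, pool 203.0.113.10 to 203.0.113.20); the destination rule (203.0.113.200 to a destination pool address 192.0.2.50) is an assumed value, and addresses no rule covers are passed through untranslated.

```python
"""Constructed model of twice static NAT44 as configured on this page.

Added example, not Juniper code. Reproduces the one-to-one shift that
`host-address-base` defines for the source pool (198.51.100.30 -> 203.0.113.10,
198.51.100.31 -> 203.0.113.11, ...) plus a static destination-pool mapping.
"""
from ipaddress import IPv4Address
from typing import Dict, Optional, Tuple


class StaticSourcePool:
    """`set address LOW to address HIGH` plus `set host-address-base BASE`."""

    def __init__(self, low: str, high: str, host_address_base: str) -> None:
        self.low, self.high = IPv4Address(low), IPv4Address(high)
        self.base = IPv4Address(host_address_base)
        if self.high < self.low:
            raise ValueError("pool range is reversed")

    def size(self) -> int:
        # Number of translated addresses the pool can hand out one-to-one.
        return int(self.high) - int(self.low) + 1

    def translate(self, original: str) -> Optional[str]:
        """Shift an original source address into the pool; None if not covered."""
        offset = int(IPv4Address(original)) - int(self.base)
        if not 0 <= offset < self.size():
            return None  # beyond the range the pool can shift
        return str(self.low + offset)

    def reverse(self, translated: str) -> Optional[str]:
        """Undo the shift for return traffic (pool address -> original host)."""
        offset = int(IPv4Address(translated)) - int(self.low)
        if not 0 <= offset < self.size():
            return None
        return str(self.base + offset)


# Source values come from the page's example; the destination rule is an
# assumed value: `match destination-address 203.0.113.200` -> pool 192.0.2.50.
SOURCE_POOL = StaticSourcePool("203.0.113.10", "203.0.113.20", "198.51.100.30")
DEST_RULES: Dict[str, str] = {"203.0.113.200": "192.0.2.50"}


def twice_translate(src: str, dst: str) -> Tuple[str, str]:
    """Apply the source and destination rules; unmatched addresses pass through."""
    new_src = SOURCE_POOL.translate(src) or src
    new_dst = DEST_RULES.get(dst, dst)
    return new_src, new_dst
```

Because the shift is one-to-one, the pool has room for exactly `size()` original hosts; anything past 198.51.100.40 in this example is left untranslated rather than mapped.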