SRX Services Gateway
Reply
Recognized Expert
rasmus
Posts: 377
Registered: ‎02-28-2010
0

DNAT with PAT + Patterned NAT

[ Edited ]

 

I have two questions ...

 

1. Can I configure Destination NAT with Portal Translation on SRX, like

 

     Destination 192.168.1.100:80 translated to 10.10.10.1:8080

 

 

1. Can I configure Destination NAT with some pattern in single rule without making long rule list, like

 

     192.168.1.1 translated to 10.10.10.1

     192.168.1.2 translated to 10.10.10.2

     192.168.1.3 translated to 10.10.10.3

           :                                             :

           :                                             :

           :                                             :

     192.168.1.254 translated to 10.10.10.254

 

Thanks in advance

Farooq

Hafiz Muhammad Farooq
JNCIE-SEC, JNCIP-SEC, JNCIS-SEC, JNCIS-FWV
JNCIS-SP, JNCIS-SA, JNCIA-JUNOS
IBM Qradar Deployment Professional

[Please mark it as Accepted Solution if it works, Kudos if you like]

Super Contributor
motd
Posts: 221
Registered: ‎12-16-2008
0

Re: DNAT with PAT + Patterned NAT

1:

set security nat destination pool server1 address 10.10.10.1 port 8080

set security nat destination rule-set dst-nat from zone untrust
set security nat destination rule-set dst-nat rule r1 match destination-address 192.168.1.100

set security nat destination rule-set dst-nat rule r1 match destination-port 80

set security nat destination rule-set dst-nat rule r1 then destination-nat pool server1

 

2: you can do this with static nat, but i'm not sure about dnat. There are some examples here: http://kb.juniper.net/library/CUSTOMERSERVICE/technotes/Junos_NAT_Examples.pdf . In general, i prefer statics, unless ports need to be translated.

Recognized Expert
rasmus
Posts: 377
Registered: ‎02-28-2010
0

Re: DNAT with PAT + Patterned NAT

Thanks for reply

 

DNAT+PAT solution i got test, and tested ....

 

However, about Pattern specific NAT, i want only uni-directional NAT, static nat is not required ....

 

Thanks for reply

Hafiz Muhammad Farooq
JNCIE-SEC, JNCIP-SEC, JNCIS-SEC, JNCIS-FWV
JNCIS-SP, JNCIS-SA, JNCIA-JUNOS
IBM Qradar Deployment Professional

[Please mark it as Accepted Solution if it works, Kudos if you like]

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.