Hi ,
Yes, all 4 will be translated to the same source address (the single address in the pool) but with a different source-port .
For example,
root@R1# show security nat
source {
pool p1 {
address {
100.1.1.1/32;
}
}
rule-set 1 {
from zone inside;
to zone outside;
rule 1 {
match {
source-address 192.168.1.0/24;
}
then {
source-nat {
pool {
p1;
}
}
}
}
}
}
two internal host 192.168.1.2 and 192.168.1.4 are going out and can see their source address translated to 100.1.1.1 and a different source-port (PAT).
root@R1# run show security flow session destination-prefix 192.168.3.2
Session ID: 83, Policy name: default-policy/2, Timeout: 48, Valid
In: 192.168.1.2/46 --> 192.168.3.2/1;icmp, If: vlan.3, Pkts: 1, Bytes: 60
Out: 192.168.3.2/1 --> 100.1.1.1/11759;icmp, If: ge-0/0/2.0, Pkts: 0, Bytes: 0
Session ID: 84, Policy name: default-policy/2, Timeout: 50, Valid
In: 192.168.1.4/5 --> 192.168.3.2/1;icmp, If: vlan.3, Pkts: 1, Bytes: 60
Out: 192.168.3.2/1 --> 100.1.1.1/10628;icmp, If: ge-0/0/2.0, Pkts: 0, Bytes: 0
Session ID: 85, Policy name: default-policy/2, Timeout: 52, Valid
In: 192.168.1.2/47 --> 192.168.3.2/1;icmp, If: vlan.3, Pkts: 1, Bytes: 60
Out: 192.168.3.2/1 --> 100.1.1.1/21082;icmp, If: ge-0/0/2.0, Pkts: 0, Bytes: 0
Session ID: 86, Policy name: default-policy/2, Timeout: 54, Valid
In: 192.168.1.4/6 --> 192.168.3.2/1;icmp, If: vlan.3, Pkts: 1, Bytes: 60
Out: 192.168.3.2/1 --> 100.1.1.1/12666;icmp, If: ge-0/0/2.0, Pkts: 0, Bytes: 0
Session ID: 88, Policy name: default-policy/2, Timeout: 58, Valid
In: 192.168.1.2/48 --> 192.168.3.2/1;icmp, If: vlan.3, Pkts: 1, Bytes: 60
Out: 192.168.3.2/1 --> 100.1.1.1/14165;icmp, If: ge-0/0/2.0, Pkts: 0, Bytes: 0
Session ID: 90, Policy name: default-policy/2, Timeout: 60, Valid
In: 192.168.1.4/7 --> 192.168.3.2/1;icmp, If: vlan.3, Pkts: 1, Bytes: 60
Out: 192.168.3.2/1 --> 100.1.1.1/7172;icmp, If: ge-0/0/2.0, Pkts: 0, Bytes: 0