SRX Services Gateway
Contributor
Posts: 46
Registered: ‎03-11-2017
0 Kudos

persistent-NAT

Does anyone have another way or other material to study persistent-NAT?

I'm really upset with the Juniper explanation of persistent NAT.

Recognized Expert
Posts: 198
Registered: ‎04-03-2015

Re: persistent-NAT

Contributor
Posts: 46
Registered: ‎03-11-2017
0 Kudos

Re: persistent-NAT

Hi Sahil,

How are you doing?

For example: Persistent NAT ensures that all requests from the same internal transport address are mapped to the same reflexive transport address (the public IP address and port created by the NAT device closest to the STUN server)

 

I have tested and searched and found that persistent-NAT doesn't ensure that you will use the same reflexive address for each session (this is the functionality of address-persistent, not persistent NAT).

For example, when you initiate a ping session using persistent NAT, you will find that the internal host uses a different address for each ping, and this wastes the pool addresses.

 

And I don't understand this:

 

Note: Persistent NAT is different from the persistent address feature (see Understanding Persistent Addresses). The persistent address feature applies to address mappings for source NAT pools configured on the device. The persistent NAT feature applies to address mappings on an external NAT device, and is configured for a specific source NAT pool or egress interface. Also, persistent NAT is intended for use with STUN client/server applications.

Super Contributor
Posts: 110
Registered: ‎01-19-2015
0 Kudos

Re: persistent-NAT


Hi Ahmed,

 

 

Please refer to the documents below to understand persistent NAT and its difference from address-persistent NAT. I think what you are looking for here is address-persistent NAT. Please correct me if I am wrong.

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/nat-security-source-persistent-nat-...

https://kb.juniper.net/InfoCenter/index?page=content&id=KB20711

 

Hope this helps.

 

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too.

Distinguished Expert
Posts: 1,757
Registered: ‎06-06-2011
0 Kudos

Re: persistent-NAT

Address-persistent allows an initiating host INSIDE THE NAT to be given the same translated address from a pool of addresses for multiple concurrent sessions.
The address-persistent feature applies to address mappings ONLY for "SOURCE NAT" USING AN ADDRESS POOL, to ensure that the initiating host keeps the same IP address from that pool.
Just remember this: "address-persistency" applies only to the "source NAT" USING ADDRESS POOL, to ensure that the initiating host keeps the same IP address for multiple concurrent sessions.


The persistent NAT feature applies to address mappings on the external side of the NAT; it is configured for a specific egress source NAT pool or egress interface and maps all requests from the same internal host IP address and port to the same external IP address and port. The external IP address and port combination mapping is referred to as a "reflexive transport address."
Persistent NAT was designed mainly for use with STUN client/server applications.
It is very similar in operation to address-persistent. However, "address-persistent" does NOT allow external hosts to initiate communication with the internal client, whereas persistent NAT allows external hosts to initiate sessions with the client behind the NAT. By default, a NAT device will drop packets intended for hosts behind the NAT if the session was not initiated from the internal host.
There are 3 types of persistent-NAT that can be configured on the SRX.
any-remote-host - replaces full cone NAT;
target-host - replaces "restricted cone NAT";
target-host-port - "port restricted cone NAT"

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
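The three permit types described in the post above, as an added example that is not part of the original thread and is not Junos code: a simplified Python model of a persistent-NAT binding table showing which unsolicited inbound packets each type admits. The class, function names, addresses (documentation ranges) and starting port are all constructed for illustration.

```python
# Simplified model of persistent-NAT permit types (illustrative, not Junos code).
from dataclasses import dataclass, field

@dataclass
class PersistentNat:
    permit: str                          # any-remote-host | target-host | target-host-port
    public_ip: str = "203.0.113.1"       # constructed external address
    next_port: int = 40000               # constructed first external port
    bindings: dict = field(default_factory=dict)   # (int_ip, int_port) -> ext_port
    contacted: dict = field(default_factory=dict)  # ext_port -> {(remote_ip, remote_port)}

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Translate an outgoing packet; return the reflexive transport address."""
        key = (int_ip, int_port)
        if key not in self.bindings:     # first packet creates the binding
            self.bindings[key] = self.next_port
            self.next_port += 1
        ext_port = self.bindings[key]    # later sessions reuse the same mapping
        self.contacted.setdefault(ext_port, set()).add((remote_ip, remote_port))
        return (self.public_ip, ext_port)

    def inbound(self, remote_ip, remote_port, ext_port):
        """Return the internal (ip, port) if the packet is admitted, else None."""
        internal = next((k for k, v in self.bindings.items() if v == ext_port), None)
        if internal is None:
            return None                  # no binding exists: dropped
        peers = self.contacted[ext_port]
        if self.permit == "any-remote-host":
            return internal              # any external host may use the binding
        if self.permit == "target-host":
            return internal if any(ip == remote_ip for ip, _ in peers) else None
        return internal if (remote_ip, remote_port) in peers else None  # target-host-port

def demo(permit):
    nat = PersistentNat(permit)
    # Internal client contacts a STUN-like server, then a second destination.
    a1 = nat.outbound("10.0.0.5", 5060, "198.51.100.10", 3478)
    a2 = nat.outbound("10.0.0.5", 5060, "198.51.100.20", 5060)
    return {
        "same_reflexive": a1 == a2,
        "known_peer_same_port": nat.inbound("198.51.100.10", 3478, a1[1]) is not None,
        "known_peer_other_port": nat.inbound("198.51.100.10", 9999, a1[1]) is not None,
        "stranger": nat.inbound("192.0.2.77", 1234, a1[1]) is not None,
    }

if __name__ == "__main__":
    for p in ("any-remote-host", "target-host", "target-host-port"):
        print(p, demo(p))
```

The `stranger` column is the exposure to review when choosing a permit type: only `any-remote-host` admits a host the internal client never contacted.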