Hi all,
I want to open a topic comparing source + destination NAT with static NAT.
As you know:
- Source NAT supports internal IPs accessing the Internet and is one-way.
- Destination NAT supports access to an internal IP through a public IP from the Internet and is also a unidirectional connection.
- Static NAT is known as 1-1 mapping.
So what happens when deploying source + destination NAT instead of using static NAT?
I have a topology:
PC: 192.168.1.10/24 ------------ SRX ge0/0/0: 10.10.10.1/24--------- the Internet.
Destination NAT: 1.1.1.1 to 192.168.1.10; source NAT pool is also 1.1.1.1 or use source NAT interface
If I use static NAT, the traffic flows as below:
IN: 12.12.12.1/123 -> 1.1.1.1/80
OUT: 192.168.1.10/80 -> 12.12.12.1/123
Reverse static:
IN: 192.168.1.10/123 -> 12.12.12.1/23
OUT: 12.12.12.1/23 -> 1.1.1.1/123
And when I use source + destination NAT:
The non-reverse static is approximately:
IN: 12.12.12.1/123 -> 1.1.1.1/80
OUT: 192.168.1.10/80 -> 12.12.12.1/123
The reverse static is approximately:
IN: 192.168.1.10/123 -> 12.12.12.1/23
OUT: 12.12.12.1/23 -> 1.1.1.1/456
So I think source + destination NAT is okay for deploying a bi-directional connection. In a nutshell, what's the root cause for using static NAT? Please clarify so I can truly understand.
Regards,
Hoang Nguyen Huy
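The two setups from the post, modelled as an added example that is not part of the original post and is not SRX code: one static rule used in both directions versus a destination rule plus a source pool that translates ports. The class names, the `Flow` type and the starting pool port 1024 are assumptions made for illustration; the addresses and ports are the ones in the post.

```python
from dataclasses import dataclass
from itertools import count

PUBLIC, PRIVATE, PEER = "1.1.1.1", "192.168.1.10", "12.12.12.1"  # from the post


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


class StaticNat:
    """One 1-1 rule applied in both directions; ports are left untouched."""

    def inbound(self, f):
        # Internet -> public IP: only the destination address is rewritten.
        return Flow(f.src, f.sport, PRIVATE, f.dport) if f.dst == PUBLIC else None

    def outbound(self, f):
        # Host -> Internet: the same rule in reverse, source port preserved.
        return Flow(PUBLIC, f.sport, f.dst, f.dport) if f.src == PRIVATE else None


class SrcDstNat:
    """Destination rule for inbound, plus a source pool with port translation."""

    def __init__(self, first_port=1024):  # assumed start of the pool's port range
        self._ports = count(first_port)
        self.bindings = {}  # per-session state: private 4-tuple -> public port

    def inbound(self, f):
        # Destination NAT: same rewrite as the static rule for inbound flows.
        return Flow(f.src, f.sport, PRIVATE, f.dport) if f.dst == PUBLIC else None

    def outbound(self, f):
        # Source NAT: each new session is given a port from the pool.
        if f.src != PRIVATE:
            return None
        key = (f.src, f.sport, f.dst, f.dport)
        if key not in self.bindings:
            self.bindings[key] = next(self._ports)
        return Flow(PUBLIC, self.bindings[key], f.dst, f.dport)


if __name__ == "__main__":
    out = Flow(PRIVATE, 123, PEER, 23)  # the host-initiated flow from the post
    print("static :", StaticNat().outbound(out))
    print("src+dst:", SrcDstNat().outbound(out))
```

Inbound traffic is rewritten identically by both models; they differ only for host-initiated sessions, where the pool model keeps a per-session binding and changes the source port, which corresponds to the 123 versus 456 difference in the flows above.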