SRX

  • 1.  source + destination NAT vs static NAT

    Posted 07-28-2017 20:40

    Hi all, 

    I want to open a topic comparing source + destination NAT with static NAT. 
    As you know:
    - Source NAT supports internal IP access to the Internet and is one-directional.
    - Destination NAT supports access to an internal IP through a public IP from the Internet and is also a unidirectional connection.

    - Static NAT is known as 1-1 mapping.
    So what happens when deploying source + destination NAT instead of using static NAT?

    I have a topology: 

    PC: 192.168.1.10/24 ------------ SRX  ge0/0/0: 10.10.10.1/24--------- the Internet. 

    Destination NAT: 1.1.1.1 to 192.168.1.10; source NAT pool is also 1.1.1.1 or use source NAT interface

    If I use static NAT, the traffic flows like below:
    IN:     12.12.12.1/123 ->  1.1.1.1/80
    OUT  192.168.1.10/80 -> 12.12.12.1/123
    Reverse static
    IN:     192.168.1.10/123 -> 12.12.12.1/23
    OUT  12.12.12.1/23 -> 1.1.1.1/123

    And when I use source + destination NAT:
    The non-reverse static is approximately:
    IN: 12.12.12.1/123 -> 1.1.1.1/80 
    OUT: 192.168.1.10/80 -> 12.12.12.1/123 
    The reverse static is approximately:
    IN:     192.168.1.10/123 -> 12.12.12.1/23
    OUT  12.12.12.1/23 -> 1.1.1.1/456

    So I think source + destination NAT is okay for deploying a bi-directional connection. In a nutshell, what's the root cause to use static NAT? Please clarify for me to truly understand. 

    Regards, 
    Hoang Nguyen Huy

     



  • 2.  RE: source + destination NAT vs static NAT

    Posted 07-29-2017 03:06

    You can use the combination of source and destination NAT and have the same effect as Static NAT.

     

    Static NAT is simply a shortcut that allows you to do NAT in both directions all in one configuration.  You can use whichever you prefer.
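
The equivalence described in the reply above, written out as Junos `set` commands for the topology in the question. This is an added example, not configuration from either poster; the zone names `trust` and `untrust` and all rule-set, rule and pool names are assumptions.

```junos
# Option A: static NAT. One rule covers both directions.
# Inbound to 1.1.1.1 is translated to 192.168.1.10, and traffic initiated
# by 192.168.1.10 leaves as 1.1.1.1 via the implicit reverse mapping.
set security nat static rule-set STATIC-IN from zone untrust
set security nat static rule-set STATIC-IN rule PC match destination-address 1.1.1.1/32
set security nat static rule-set STATIC-IN rule PC then static-nat prefix 192.168.1.10/32

# Option B: destination NAT + source NAT. Two independent rules,
# one per direction, each needing its own pool and rule-set.

# Inbound: 1.1.1.1 -> 192.168.1.10
set security nat destination pool PC-DST address 192.168.1.10/32
set security nat destination rule-set DST-IN from zone untrust
set security nat destination rule-set DST-IN rule PC match destination-address 1.1.1.1/32
set security nat destination rule-set DST-IN rule PC then destination-nat pool PC-DST

# Outbound: 192.168.1.10 -> 1.1.1.1
# A source pool translates the source port by default, which is why the
# reverse flow in the question shows port 456 instead of the original 123.
set security nat source pool PC-SRC address 1.1.1.1/32
set security nat source rule-set SRC-OUT from zone trust
set security nat source rule-set SRC-OUT to zone untrust
set security nat source rule-set SRC-OUT rule PC match source-address 192.168.1.10/32
set security nat source rule-set SRC-OUT rule PC then source-nat pool PC-SRC
```

Either option still needs a security policy permitting the traffic in each direction; the NAT rules only decide how addresses are rewritten.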