
Inline NAT on MX40 - Interface Overload equivalent

2 weeks ago

Hi,

 

I'm trying to do an interface overload equivalent like in Cisco. I'm informed I can only do inline NAT. Not sure how to go about this.

Device is MX40 with a MIC-3D-20GE-SFP Junos 18.x

I need 1.1.1.4 to translate to 2.2.2.4

Left side interface IP is 1.1.1.1/24 and right side IP on MX is 2.2.2.1/29

Assist with config please.


Re: Inline NAT on MX40 - Interface Overload equivalent

2 weeks ago

The configs done are as below ... It's a router-on-a-stick kind of design.

 

# Interface Configs
set interfaces ge-1/0/1 gigether-options 802.3ad ae0
set interfaces ge-1/0/2 gigether-options 802.3ad ae0
#
set interfaces ae0 unit 111 description INSIDE
set interfaces ae0 unit 111 vlan-id 111
set interfaces ae0 unit 111 family inet address 1.1.1.1/24
set interfaces ae0 unit 222 description OUTSIDE
set interfaces ae0 unit 222 vlan-id 222
set interfaces ae0 unit 222 family inet address 2.2.2.1/29

 

## Enable inline services, create an si- interface, reserve bandwidth ##
set chassis fpc 1 pic 0 inline-services bandwidth 1g
set interfaces si-1/0/0 unit 0 family inet

 

## Configure a NAT rule and pool ##
set services nat rule Internet_NAT_Rule match-direction input
set services nat rule Internet_NAT_Rule term R1 from source-address 1.1.1.4/32
set services nat rule Internet_NAT_Rule term R1 then translated translation-type basic-nat44
set services nat rule Internet_NAT_Rule term R1 then translated source-pool Internet_NAT_Pool
set services nat pool Internet_NAT_Pool address 2.2.2.4/32

 

## Configure the (interface-style) service set ##
set services service-set NAT-Set nat-rules Internet_NAT_Rule
set services service-set NAT-Set interface-service service-interface si-1/0/0.0

 

## Attach NAT set to Interface
set interfaces ae0 unit 111 family inet service input service-set NAT-Set
set interfaces ae0 unit 111 family inet service output service-set NAT-Set


Re: Inline NAT on MX40 - Interface Overload equivalent

2 weeks ago

Hello,

 

Hope all is well. Do you mean PAT when talking about "Interface Overload", correct? If that is the case, inline NAT does not support PAT; hence, you will need an MS card. Please see below:

 

"NOTE: Only static NAT is supported. Port translation and dynamic NAT are not supported. An MS-MPC, MS-MIC, MS-DPC, or MS-PIC is still needed for any stateful-firewall processing and dynamic port translation."

https://www.juniper.net/documentation/en_US/junos/topics/concept/nat-inline-nat-overview.html

 

Let me know if I am correct about the "Interface Overload" or if further clarification is required.

 

Thanks.

Rommel Izquierdo


Re: Inline NAT on MX40 - Interface Overload equivalent

2 weeks ago

Hi,

 

I just need to do a NAT from one network to another, preferably from a /24 to a /32 IP.

If I don't have the MPC/MIC/DPC, what options do I have?


Re: Inline NAT on MX40 - Interface Overload equivalent

2 weeks ago

Hello,

 

Thanks, how are you confirming it is not working?

 

Here you have an example for MX80:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB27333&cat=MX80&actp=LIST

 

I think you cannot overlap the pool with IPs configured on the router; hence, you need to use another pool or public IP address (2.2.2.0). Also, since you have one-to-one NAT, you can try with subnets of the same size.

 

NOTE: The original destination address, along with other addresses in source and destination NAT pools, must not overlap within the same routing instance.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-nat-static.html
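
Added example (not written by any poster in the thread and not a Juniper tool): a Python check that reads the `set` commands posted above and reports the two conditions the last reply raises, a NAT pool that overlaps an address or connected subnet configured on the router, and a one-to-one rule whose source and pool prefixes differ in size. The helper name `lint_nat` and the choice to treat overlap with a connected subnet as a finding are assumptions.

```python
import ipaddress
import re

# Constructed input: the relevant "set" lines from the configuration posted in the thread.
CONFIG = """\
set interfaces ae0 unit 111 family inet address 1.1.1.1/24
set interfaces ae0 unit 222 family inet address 2.2.2.1/29
set services nat rule Internet_NAT_Rule term R1 from source-address 1.1.1.4/32
set services nat rule Internet_NAT_Rule term R1 then translated translation-type basic-nat44
set services nat rule Internet_NAT_Rule term R1 then translated source-pool Internet_NAT_Pool
set services nat pool Internet_NAT_Pool address 2.2.2.4/32
"""

IFACE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address (\S+)$")
POOL = re.compile(r"^set services nat pool (\S+) address (\S+)$")
TERM = re.compile(r"^set services nat rule (\S+) term (\S+) "
                  r"(from source-address|then translated source-pool) (\S+)$")


def lint_nat(config):
    """Return a list of findings (hypothetical helper, not part of Junos)."""
    ifaces, pools, terms = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := IFACE.match(line):
            ifaces[f"{m[1]}.{m[2]}"] = ipaddress.ip_interface(m[3])
        elif m := POOL.match(line):
            pools[m[1]] = ipaddress.ip_network(m[2], strict=False)
        elif m := TERM.match(line):
            key = "source" if m[3].startswith("from") else "pool"
            terms.setdefault((m[1], m[2]), {})[key] = m[4]
    findings = []
    for name, net in pools.items():
        for ifname, iface in ifaces.items():
            if iface.ip in net:  # pool includes the router's own address
                findings.append(f"pool {name} {net} contains interface address {iface.ip} ({ifname})")
            elif net.overlaps(iface.network):  # assumption: also flag connected subnets
                findings.append(f"pool {name} {net} overlaps connected subnet {iface.network} ({ifname})")
    for (rule, term), t in terms.items():
        if "source" in t and t.get("pool") in pools:
            src = ipaddress.ip_network(t["source"], strict=False)
            pool = pools[t["pool"]]
            if src.num_addresses != pool.num_addresses:  # one-to-one NAT needs equal sizes
                findings.append(f"{rule}/{term}: source {src} and pool {pool} differ in size")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_nat(CONFIG)) or "no findings")
```
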