SRX Services Gateway

persistent-NAT

05-19-2017 06:02 AM

Does anyone have another way or other material to study persistent-NAT?

I'm really upset with the Juniper explanation of persistent NAT.

4 REPLIES

Re: persistent-NAT

05-19-2017 12:02 PM

Re: persistent-NAT

05-19-2017 04:50 PM

Hi Sahil,

How are you doing?

For example: Persistent NAT ensures that all requests from the same internal transport address are mapped to the same reflexive transport address (the public IP address and port created by the NAT device closest to the STUN server).

I have tested and searched and found that persistent-NAT doesn't ensure that you will use the same reflexive address for each session (this is the functionality of address persistent, not persistent NAT).

And for example, when you initiate a ping session using persistent NAT, you will find that the internal host uses a different address for each ping, and this wastes the pool addresses.

And I don't understand this:

Note: Persistent NAT is different from the persistent address feature (see Understanding Persistent Addresses). The persistent address feature applies to address mappings for source NAT pools configured on the device. The persistent NAT feature applies to address mappings on an external NAT device, and is configured for a specific source NAT pool or egress interface. Also, persistent NAT is intended for use with STUN client/server applications.


Re: persistent-NAT

05-19-2017 11:12 PM

Hi Ahmed,

Please refer to the documents below to understand persistent NAT and its difference from address-persistent NAT. I think what you are looking for here is address-persistent NAT. Please correct me if I am wrong.

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/nat-security-source-persistent-nat-...

https://kb.juniper.net/InfoCenter/index?page=content&id=KB20711

 

Hope this Helps

 

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too.


Re: persistent-NAT

05-20-2017 04:06 AM

Address-persistent allows an initiating host INSIDE THE NAT to be given the same translated address from a pool of addresses for multiple concurrent sessions.
The address-persistent feature applies to address mappings ONLY for “SOURCE NAT” USING AN ADDRESS POOL, to ensure that the initiating host keeps the same IP address from that pool.
Just remember this: “address-persistency” applies only to the “source NAT” USING ADDRESS POOL, to ensure that the initiating host keeps the same IP address for multiple concurrent sessions.


Persistent NAT feature applies to address mappings on the external side of the NAT; it is configured for a specific egress source NAT pool or egress interface and maps all requests from the same internal host IP address and port to the same external IP address and port. The external IP address and port combination mapping is referred to as a “reflexive transport address.”
Persistent NAT was designed mainly for use with STUN client/server applications.
It is very similar in operation to address-persistent. However, “address-persistent” does NOT allow external hosts to initiate communication with the internal client, whereas persistent NAT allows external hosts to initiate sessions with the client behind the NAT. By default, a NAT device will drop packets intended for hosts behind the NAT if the session was not initiated from the internal host.
There are 3 types of persistent-NAT that can be configured on the SRX.
any-remote-host - replaces full cone NAT;
target-host - replaces "restricted cone NAT";
target-host-port - "port restricted cone NAT"

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
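
As an added illustration of the three permit types listed in the reply above (not code from the thread or from Juniper), the following Python model shows the persistent binding and which external senders each type lets reach the internal host. The class and function names, addresses and ports are constructed assumptions; it models the behaviour described in the thread, not Junos internals.

```python
# Simplified behavioural model of the persistent-NAT permit types (not Junos code).
from dataclasses import dataclass, field

PERMIT_TYPES = ("any-remote-host", "target-host", "target-host-port")

@dataclass
class PersistentNat:
    permit: str
    public_ip: str = "203.0.113.1"                 # constructed, documentation range
    next_port: int = 40000                         # constructed starting port
    bindings: dict = field(default_factory=dict)   # internal (ip, port) -> reflexive (ip, port)
    contacted: dict = field(default_factory=dict)  # reflexive -> remote (ip, port) set

    def outbound(self, src, dst):
        """Internal src sends to dst; the binding is reused for every destination."""
        if src not in self.bindings:
            self.bindings[src] = (self.public_ip, self.next_port)
            self.next_port += 1
        reflexive = self.bindings[src]
        self.contacted.setdefault(reflexive, set()).add(dst)
        return reflexive

    def inbound(self, remote, reflexive):
        """Return the internal (ip, port) a packet is forwarded to, or None if dropped."""
        internal = next((i for i, r in self.bindings.items() if r == reflexive), None)
        if internal is None:
            return None                            # no binding at all: drop
        seen = self.contacted[reflexive]
        if self.permit == "any-remote-host":       # full cone: anyone may send
            allowed = True
        elif self.permit == "target-host":         # restricted cone: IP must match
            allowed = any(ip == remote[0] for ip, _ in seen)
        else:                                      # target-host-port: IP and port must match
            allowed = remote in seen
        return internal if allowed else None

def reachability(permit):  # which constructed senders reach 10.0.0.5:5060?
    nat = PersistentNat(permit)
    client, stun = ("10.0.0.5", 5060), ("198.51.100.10", 3478)
    r1 = nat.outbound(client, stun)
    r2 = nat.outbound(client, ("198.51.100.20", 5060))
    probes = {"contacted host and port": stun,
              "contacted host, other port": ("198.51.100.10", 9999),
              "never-contacted host": ("192.0.2.77", 4444)}
    return r1 == r2, {n: nat.inbound(p, r1) is not None for n, p in probes.items()}

if __name__ == "__main__":
    for permit in PERMIT_TYPES:
        print(permit, reachability(permit))
```

The first element of each result confirms that both outbound flows share one reflexive address; the second shows that only any-remote-host exposes the client to a host it never contacted, which is the exposure to weigh when choosing a permit type.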