Screen OS

Hello all,

I appreciate you guys according to continuously replying to me.

This question is about PAT.

I know Juniper Firewall has 3 options. (MIP, DIP, VIP).

At first, I supposed to start PAT using VIP.

But, there is something problem.

That is about port number.

I just  have to configure 1(Public IP) : N(Private IP).   :   just IP not portnumber.

I think you have the experience about configuring PAT on Cisco router.

I want to know the method what Cisco has.

Please reply me guys.

Thank you.

Regards,

SK.

Check the KB : http://kb.juniper.net/InfoCenter/index?page=content&id=KB12631&actp=search . Does diagram and traffic flow matches with your requirement? If yes, then follow the below:

Configure the address object for the public address:

set address trust server-pub 1.1.1.100/32    <-- this his is public IP address outside the                                                       subnet of untrust zone subnet.  


Configure a route for the public address to point in the direction of the private address:

set interface ethernet0/0 zone trust         
set route 1.1.1.100/32 int e0/0               <-- This will force traffic to trust zone, this                                                will further help to policy condition match                    


Configure the destination translation within a policy:

set policy from untrust to trust any server-pub any nat dst ip 192.168.1.100 permits


 

Let me know if your Public IP is same as untrust zone subnet IP then I will send you another sample of the case.

 

Thanks,

Vikas

Thank you vikassingh.

This URL information you linked was really helpful!

However, I also want to know using WebUI ! 

Maybe you know that?

Regards,

SK.

Hi SK,

I am unable to find a KB referring the same via GUI. However, you can make same configuration using below steps:

1:set address trust server-pub 1.1.1.100/32

    GUI--> Policy --> policy elements -->click on new --> configure the name(e.g. server-pub as per the CLI) and IP(e.g. 1.1.1.100/32), select the zone from the drop down  (e.g. trust) and click OK.

2: set interface ethernet0/0 zone trust

GUI--> Network --> interfaces --> select the appreciate interface, click edit. It will open a new window, select the zone from the drop down here.  Click on Apply and OK.

3: set route 1.1.1.100/32 int e0/0

   GUI --> Networks --> Routing --> destination --> Select VR from drop down in the right corner. Most probably trust-vr. Now click on "new" to add a new route. It will open a new window.

   Configure the IP/netmast --> Click on "gateway" instead of "virtual router" -->  Select the interface from the drop down.--> OK

4: set policy from untrust to trust any server-pub any nat dst ip 192.168.1.100 permit

   GUI--> Policy --Policies --> Select from and to zones from the drop downs (e.g. untrust & trust here) --> now click on new --> select source "any-IPV4" from address book --> select destination "server-pub" from drop down --> Service "ANY"   -->  select Action "permit"  and click on "advance" in the bottom.

     Check "Destination Translation "  and configure actual service IP in "translate IP" (e.g. 192..168.1.100 here) --> Click  OK.

Thanks,

Vikas

Wow ! perfect answer 🙂

Thank you very much!!

SK.

Hi Guys,

can you please share configuration for NAT/PAT for MX-5t routers ?

reply on : shirish2489@gmail.com