ScreenOS Firewalls (NOT SRX)

Do you know how to configure PAT?

‎05-24-2016 01:40 AM

Hello all,

I appreciate you guys for continuously replying to me.

 

This question is about PAT.

I know Juniper Firewall has 3 options. (MIP, DIP, VIP).

 

At first, I intended to set up PAT using VIP.

But there is a problem.

It is about the port number.

I just have to configure 1 (public IP) : N (private IP), just the IP, not the port number.

 

I think you have experience configuring PAT on a Cisco router.

I want to know the method that Cisco has.

 

Please reply to me, guys.

Thank you.

Regards,

SK.


Re: Do you know how to configure PAT?

‎05-24-2016 02:07 AM

Check the KB: http://kb.juniper.net/InfoCenter/index?page=content&id=KB12631&actp=search . Do the diagram and traffic flow match your requirement? If yes, then follow the steps below:

 


Configure the address object for the public address:

set address trust server-pub 1.1.1.100/32    <-- this is the public IP address, outside the subnet of the untrust zone

Configure a route for the public address to point in the direction of the private address:

set interface ethernet0/0 zone trust
set route 1.1.1.100/32 int e0/0    <-- This will force traffic to the trust zone, which will further help the policy condition match

Configure the destination translation within a policy:

set policy from untrust to trust any server-pub any nat dst ip 192.168.1.100 permit

 

Let me know if your public IP is the same as the untrust zone subnet IP; then I will send you another sample for that case.

 

Thanks,

Vikas

 


Re: Do you know how to configure PAT?

‎05-24-2016 06:33 PM

Thank you vikassingh.

This URL information you linked was really helpful!

 

However, I also want to know how to do this using the WebUI!

Maybe you know that?

 

Regards,

SK.

Solution
Accepted by topic author ksk79174766
‎05-24-2016 10:37 PM

Re: Do you know how to configure PAT?

‎05-24-2016 09:21 PM

Hi SK,

 

I am unable to find a KB covering the same via the GUI. However, you can make the same configuration using the steps below:

 

1: set address trust server-pub 1.1.1.100/32

    GUI --> Policy --> Policy Elements --> click on New --> configure the name (e.g. server-pub as per the CLI) and IP (e.g. 1.1.1.100/32), select the zone from the drop-down (e.g. trust) and click OK.

 

2: set interface ethernet0/0 zone trust

   

    GUI --> Network --> Interfaces --> select the appropriate interface, click Edit. It will open a new window; select the zone from the drop-down here. Click on Apply and OK.

 

3: set route 1.1.1.100/32 int e0/0

    GUI --> Networks --> Routing --> Destination --> Select the VR from the drop-down in the right corner, most probably trust-vr. Now click on "New" to add a new route. It will open a new window.

    Configure the IP/netmask --> Click on "Gateway" instead of "Virtual Router" --> Select the interface from the drop-down --> OK

 

4: set policy from untrust to trust any server-pub any nat dst ip 192.168.1.100 permit

    GUI --> Policy --> Policies --> Select the from and to zones from the drop-downs (e.g. untrust & trust here) --> now click on New --> select source "any-IPV4" from the address book --> select destination "server-pub" from the drop-down --> Service "ANY" --> select Action "permit" and click on "Advanced" at the bottom.

    Check "Destination Translation" and configure the actual service IP in "Translate IP" (e.g. 192.168.1.100 here) --> Click OK.

 

Thanks,

Vikas
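
An added example, not part of the original thread: a small Python check that the three pieces from the steps above (address object, route, policy) are all present in a config and that flags a destination-NAT policy permitting service "any" from source "any". It parses only the unquoted CLI forms shown in this thread; the function name `audit` and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the four CLI commands from the answer above.
SAMPLE_CONFIG = """\
set address trust server-pub 1.1.1.100/32
set interface ethernet0/0 zone trust
set route 1.1.1.100/32 int e0/0
set policy from untrust to trust any server-pub any nat dst ip 192.168.1.100 permit
"""

ADDR = re.compile(r"^set address (\S+) (\S+) (\S+)$")
ROUTE = re.compile(r"^set route (\S+) int(?:erface)? (\S+)$")
POLICY = re.compile(r"^set policy from (\S+) to (\S+) (\S+) (\S+) (\S+) "
                    r"nat dst ip (\S+)(?: port (\d+))? permit$")

def audit(config):
    """Return a list of findings for policy-based destination NAT rules."""
    addresses, routes, findings = {}, [], []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # First pass: collect address objects (keyed by zone and name) and routes.
    for line in lines:
        if m := ADDR.match(line):
            zone, name, prefix = m.groups()
            addresses[(zone, name)] = ipaddress.ip_network(prefix, strict=False)
        elif m := ROUTE.match(line):
            routes.append(ipaddress.ip_network(m.group(1), strict=False))
    # Second pass: check every destination-NAT policy against what was collected.
    for line in lines:
        m = POLICY.match(line)
        if not m:
            continue
        src_zone, dst_zone, src, dst, service, real_ip, port = m.groups()
        net = addresses.get((dst_zone, dst))
        if net is None:
            findings.append(f"{dst}: no address object in zone {dst_zone}")
        elif not any(net.subnet_of(r) for r in routes):
            findings.append(f"{dst}: no route covers {net}")
        # Source "any" plus service "any" exposes the whole internal host.
        if src.lower().startswith("any") and service.lower() == "any":
            findings.append(
                f"{dst}: every port on {real_ip} reachable from any {src_zone} host")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Replacing the service `any` in the policy line with a specific service such as `http` clears the exposure finding for that rule.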

 

 

 


Re: Do you know how to configure PAT?

‎05-24-2016 10:37 PM

Wow! Perfect answer :)

 

Thank you very much!!

 

SK.


Re: Do you know how to configure PAT?

3 weeks ago

Hi Guys,

 

Can you please share the configuration for NAT/PAT for MX-5t routers?

 

reply on : shirish2489@gmail.com