[j-nsp] Configuring NAT on J2300

Harry Reynolds harry at juniper.net
Tue May 9 17:42:49 EDT 2006


Any chance you can use j-web wizard?  When I did, the resulting basic
nat config that was generated is below, as taken from the j-series
training course.

HTHs:

Goals:
-Ensure that traffic originating on the 10.222.2.0/24 subnet is
delivered to Amsterdam with a 10.222.3.1 source address
-Assume that multiple sources will be active at the same time
-Permit all ingress traffic on the untrusted interface 

[edit]
lab@London# show | compare base-static 
[edit interfaces]
+   sp-0/0/0 {
+       unit 0 {
+           family inet;
+       }
+   }
[edit interfaces fe-0/0/1 unit 0 family inet]
+       service {
+           input {
+               service-set jweb-wan-sfw-service-set;
+           }
+           output {
+               service-set jweb-wan-sfw-service-set;
+           }
+       }
services {
+      stateful-firewall {
+          rule jweb-sfw-to-wan {
+              match-direction output;
+              term jweb-apply-alg {
+                  from {
+                      application-sets junos-algs-outbound;
+                  }
+                  then {
+                      accept;
+                  }
+              }
+              term jweb-accept-all {
+                  then {
+                      accept;
+                  }
+              }
+          }
++          rule jweb-sfw-from-wan {
+              match-direction input;
+              term jweb-discard-all {
+                  then {
+                      accept;
+                  }
+              }
+          }
+      }
+      nat {
+          pool jweb-nat-pool {
+              address-range low 10.222.3.1 high 10.222.3.1;
+              port automatic;
+          }
+          rule jweb-nat-to-wan {
+              match-direction output;
+              term jweb-nat-term {
+                  then {
+                      translated {
+                          source-pool jweb-nat-pool;
+                          translation-type source dynamic;
+                      }
+                  }
+              }
+          }
+      }
+      service-set jweb-wan-sfw-service-set {
+          stateful-firewall-rules jweb-sfw-to-wan;
+          stateful-firewall-rules jweb-sfw-from-wan;
+          nat-rules jweb-nat-to-wan;
+          interface-service {
+              service-interface sp-0/0/0;
+          }
+      }
+  } 
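
Review bot: In rule jweb-sfw-from-wan the only term is named jweb-discard-all, but its action is accept, so every inbound flow matched by the service set on fe-0/0/1 is permitted. That agrees with the stated lab goal of permitting all ingress traffic on the untrusted interface, but the name says the opposite and will mislead anyone auditing the config; rename the term to reflect the accept, or change the action to discard if the name reflects the real intent outside the lab. Separately, term jweb-nat-term under rule jweb-nat-to-wan has no from clause, so all output-direction traffic is translated to 10.222.3.1 rather than only traffic sourced from 10.222.2.0/24 as the first goal describes; consider adding a from source-address match for that prefix.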



> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Adams
> Sent: Tuesday, May 09, 2006 2:32 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Configuring NAT on J2300
> 
> I'm trying to set up a J2300 for NAT with a single public 
> static IP.  I haven't set up NAT on a Juniper before, and I'm 
> having trouble figuring it out.  Help?
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services 
> I don't speak for anybody but myself - that's enough trouble.