[j-nsp] Configuring NAT on J2300
cmadams at hiwaay.net
Wed May 10 09:46:45 EDT 2006
Once upon a time, Harshit Kumar <harshit at juniper.net> said:
> Docs might help too
Thanks to both responses. I had read through the docs for a while and
tried some configuration, but my mistake was I went straight to the NAT
section. I haven't done any firewalling on a Juniper either, so I
skipped those sections, and didn't realize how NAT related to it (so I
couldn't figure out how to apply my NAT config to an actual interface).
Oh, now I get "warning: requires 'firewall' license".
Also, the docs for translation-type statement say:
* source dynamic -- Implement address translation for source
traffic with Network Address Port Translation (NAPT). You must
specify a source-pool name. The referenced pool must include a port
or address configuration.
This option supports translating a large range of addresses to a
smaller size pool. The requests from the source address range are
assigned to the addresses in the pool until the pool is used up, and
any additional requests are rejected. A NAT address assigned to a host
is used for all concurrent sessions from that host. The address is
released to the pool only after all the sessions for that host expire.
This feature enables the router to share a few public IP addresses
between several private hosts. Since all the private hosts might not
simultaneously create sessions, they can share a few public IP
That sounded to me like a pool IP was matched with a private IP for as
long as a private IP had associated sessions, so if I only specified one
public IP, I could only have one private IP accessing the outside world
at a time.
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the juniper-nsp