[j-nsp] SRX340 One to One NAT
Ola Thoresen
ola at nytt.no
Wed Aug 8 16:02:43 EDT 2018
On 08. aug. 2018 21:16, sameer mughal wrote:
> Thanks Ola.
> Actually, I want to do this NAT through the interface.
> Scenario: public ip /32 on interface and private ip belongs to my LAN
> segment.
> Please advise.
>
Isn't that about exactly what the Juniper-example does?

set security nat static rule-set MY-RULE-SET from zone untrust
set security nat static rule-set MY-RULE-SET rule RULE1 match destination-address 202.101.83.50/32
set security nat static rule-set MY-RULE-SET rule RULE1 then static-nat prefix 10.10.10.80/32

If 202.101.83.50 is set on the wan-interface, you do not need proxy-arp.

Adjust security-policies as needed:

set security policies from-zone trust to-zone untrust policy permit-all match source-address 10.10.10.80
set security policies from-zone trust to-zone untrust policy permit-all match destination-address any
set security policies from-zone trust to-zone untrust policy permit-all match application any
set security policies from-zone trust to-zone untrust policy permit-all then permit

set security policies from-zone untrust to-zone trust policy server-access match source-address any
set security policies from-zone untrust to-zone trust policy server-access match destination-address 10.10.10.80
set security policies from-zone untrust to-zone trust policy server-access match application any
set security policies from-zone untrust to-zone trust policy server-access then permit

Of course you also need to modify the name of your security zones and
rule-sets and rules to suit your setup.

> On Wed, Aug 8, 2018, 3:27 PM Ola Thoresen <ola at nytt.no> wrote:
>
> On 08. aug. 2018 11:44, sameer mughal wrote:
>
> > Hi,
> >
> > Can anyone help me to configure static NAT bidirectional?
>
> It is pretty straightforward:
> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-nat-static.html
>
>
> Rgds.
>
> Ola Thoresen
> nLogic AS
>
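
An added example, not part of the original message or of Juniper's documentation: a small Python check over the `set` commands in the reply above that reports any permit policy letting the static-NAT rule-set's source zone reach the translated host with `application any`, as `server-access` does. Static NAT translates the destination before policy lookup, so the policy is matched against the private address; the check assumes policy addresses are written literally as in the message (address-book names would need resolving first), and `parse` and `audit` are names chosen for this example.

```python
import re
from collections import defaultdict
# Configuration from the message above, with the e-mail line wraps rejoined.
CONFIG = """\
set security nat static rule-set MY-RULE-SET from zone untrust
set security nat static rule-set MY-RULE-SET rule RULE1 match destination-address 202.101.83.50/32
set security nat static rule-set MY-RULE-SET rule RULE1 then static-nat prefix 10.10.10.80/32
set security policies from-zone trust to-zone untrust policy permit-all match source-address 10.10.10.80
set security policies from-zone trust to-zone untrust policy permit-all match destination-address any
set security policies from-zone trust to-zone untrust policy permit-all match application any
set security policies from-zone trust to-zone untrust policy permit-all then permit
set security policies from-zone untrust to-zone trust policy server-access match source-address any
set security policies from-zone untrust to-zone trust policy server-access match destination-address 10.10.10.80
set security policies from-zone untrust to-zone trust policy server-access match application any
set security policies from-zone untrust to-zone trust policy server-access then permit
"""

NAT_RE = re.compile(r"set security nat static rule-set (\S+) (?:from zone (\S+)|rule (\S+) "
                    r"(?:match destination-address (\S+)|then static-nat prefix (\S+)))$")
POL_RE = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
                    r"(?:match (\S+) (\S+)|then (\S+))$")

def parse(config):
    """Return ([(from_zone, public, private)], policies) from Junos 'set' lines."""
    zones, nat = {}, defaultdict(dict)
    policies = defaultdict(lambda: defaultdict(set))  # (from, to, name) -> field -> values
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            rule_set, zone, rule, public, private = m.groups()
            if zone:
                zones[rule_set] = zone
            else:
                nat[rule_set, rule].update({"public": public} if public else {"private": private})
        elif m := POL_RE.match(line):
            *key, field, value, action = m.groups()
            policies[tuple(key)]["action" if action else field].add(action or value)
    return [(zones.get(rs), f["public"], f["private"]) for (rs, _), f in nat.items() if len(f) == 2], policies

def audit(config):
    """Flag permit policies exposing a static-NAT host to 'application any'."""
    mappings, policies = parse(config)
    findings = []
    for zone, public, private in mappings:
        for (src, _dst, name), f in policies.items():
            dests = {d.split("/")[0] for d in f["destination-address"]}
            if (src == zone and "permit" in f["action"] and "any" in f["application"]
                    and dests & {private.split("/")[0], "any"}):
                findings.append((name, public, private))
    return findings
```

Run against the configuration above, `audit(CONFIG)` returns one finding for `server-access`. Replacing `application any` in that policy with only the service the host actually offers (for example the predefined `junos-https`) clears it.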