[j-nsp] Doing SNAT only for destinations learned from a specific BGP peering
Alex A
p3yd at outlook.com
Sat Apr 18 00:03:40 EDT 2026
Hello,
On MX204, only inline SNAT is supported however specifically interface SNAT is not supported but doable via FBF and routing-instances.
On MX480, interface SNAT is supported with SPC3 service card.
Thanks
Alex
On 17 April 2026 15:49:49 (+01:00), Emmanuel Halbwachs via juniper-nsp wrote:
> Hello,
>
> On MX204 or MX80, is there a way to configure source NAT only for
> destinations learned from a BGP peering?
>
> Details:
>
> We are a public research institution. For some reason, we need to
> connect to a government network N that is only reachable throught a
> L3VPN. So we have a BGP peering with a /31 prefix (say x.x.x.0 the
> peer and x.x.x.1 us). All servers in this particular network are
> filtered and only accessible if source address is x.x.x.1 (our side of
> the peering).
>
> So I have do to source NAT for all our hosts that want to reach
> servers in N. I have ≈ 800 routes learned through the peering.
>
> I've never done NAT in the Junos world, only basic routing and basic
> BGP.
>
> What are the best way to do this NAT on MX routers only for the
> destinations learned from a specific BGP peering?
>
> Any help or clue will be much appreciated!
>
> Thanks and have a nice week-end,
>
More information about the juniper-nsp
mailing list