[j-nsp] Doing SNAT only for destinations learned from a specific BGP peering

[Tom Beecher]

I haven't had to do NAT on an MX in a very long time, but this sounce like
a use case for routing-instance or ( shudder ) rib-groups .


On Fri, Apr 17, 2026 at 10:50 AM Emmanuel Halbwachs via juniper-nsp <
juniper-nsp at puck.nether.net> wrote:

> Hello,
>
> On MX204 or MX80, is there a way to configure source NAT only for
> destinations learned from a BGP peering?
>
> Details:
>
> We are a public research institution. For some reason, we need to
> connect to a government network N that is only reachable throught a
> L3VPN. So we have a BGP peering with a /31 prefix (say x.x.x.0 the
> peer and x.x.x.1 us). All servers in this particular network are
> filtered and only accessible if source address is x.x.x.1 (our side of
> the peering).
>
> So I have do to source NAT for all our hosts that want to reach
> servers in N. I have ≈ 800 routes learned through the peering.
>
> I've never done NAT in the Junos world, only basic routing and basic
> BGP.
>
> What are the best way to do this NAT on MX routers only for the
> destinations learned from a specific BGP peering?
>
> Any help or clue will be much appreciated!
>
> Thanks and have a nice week-end,
>
> --
> Emmanuel Halbwachs, Observatoire de Paris, ✆ +33 1 45 07 75 54
> DIO¹ / CASTORS² 🦫 / PANDA³ 🐼
> ¹ Direction Informatique de l'Observatoire ; ² CAlcul, STOckage, Réseau,
> Système
> ³ Pool of Awesome Network Devices Administrators
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>