Chapter 5. Network Address Translation
This chapter details the Junos Network Address Translation (NAT) features for the SRX. NAT provides a versatile set of tools for overcoming IPv4 address exhaustion, merging networks, migrating networks, redirecting traffic, or simply hiding network topologies. Put simply, NAT is the means for modifying the IP addresses and TCP/UDP ports in IP packets.
This chapter has three main sections that correspond to the three main types of NAT on the SRX:
Source NAT
Destination NAT
Static NAT
Source NAT translates the source IP addresses and TCP/UDP ports of matching flows. Destination NAT translates the destination IP addresses and TCP/UDP ports of matching flows. And static NAT translates configured prefixes symmetrically whether they are the sources initiating flows or the destinations receiving them.
This chapter shows you how to configure NAT with step-by-step tutorials using the Junos command-line interface (CLI). It also includes a case study at the end of each main section.
How the SRX Processes NAT
The Junos operating system provides a complete and integrated set of NAT tools for the SRX. It departs both from the earlier ScreenOS security policy model and the Junos services interface model of NAT configuration. It depends neither on the disparate MIPs, DIPs, and VIPs of ScreenOS security policy, nor on the logical interface traffic steering of the packet mode Junos services stanza.
NAT is configured in the SRX under the Junos security stanza. It is fully ...