Chapter 5. Network Address Translation

This chapter details the Junos Network Address Translation (NAT) features for the SRX. NAT provides a versatile set of tools for overcoming IPv4 address exhaustion, merging networks, migrating networks, redirecting traffic, or simply hiding network topologies. Put simply, NAT is the means for modifying the IP addresses and TCP/UDP ports in IP packets.

This chapter has three main sections that correspond to the three main types of NAT on the SRX:

  • Source NAT

  • Destination NAT

  • Static NAT

Source NAT translates the source IP addresses and TCP/UDP ports of matching flows. Destination NAT translates the destination IP addresses and TCP/UDP ports of matching flows. Static NAT translates configured prefixes symmetrically, whether they are the sources initiating flows or the destinations receiving them.
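The three types side by side as Junos `set` commands under `security nat`, as an added example that is not taken from the book. The zone names, rule-set, rule, and pool names, and all addresses (RFC 1918 and RFC 5737 documentation ranges) are constructed for illustration.

```junos
# Source NAT: flows from trust to untrust leave with the egress
# interface address as their source (ports are translated as needed).
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule snat-lan match source-address 10.1.1.0/24
set security nat source rule-set trust-to-untrust rule snat-lan then source-nat interface

# Destination NAT: flows arriving from untrust for 203.0.113.10:80
# are redirected to the internal server 10.1.1.10:8080.
set security nat destination pool web-server address 10.1.1.10/32 port 8080
set security nat destination rule-set from-untrust from zone untrust
set security nat destination rule-set from-untrust rule dnat-web match destination-address 203.0.113.10/32
set security nat destination rule-set from-untrust rule dnat-web match destination-port 80
set security nat destination rule-set from-untrust rule dnat-web then destination-nat pool web-server

# Static NAT: 203.0.113.25 <-> 10.1.1.25 in both directions.
# Inbound flows to 203.0.113.25 reach 10.1.1.25, and flows that
# 10.1.1.25 initiates leave as 203.0.113.25, with no separate source rule.
set security nat static rule-set static-from-untrust from zone untrust
set security nat static rule-set static-from-untrust rule static-mail match destination-address 203.0.113.25/32
set security nat static rule-set static-from-untrust rule static-mail then static-nat prefix 10.1.1.25/32
```

On the SRX, static and destination NAT are applied before the security policy lookup and source NAT after it, so the policies that permit these flows match the real internal addresses (10.1.1.x here), not the translated ones.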

This chapter shows you how to configure NAT with step-by-step tutorials using the Junos command-line interface (CLI). It also includes a case study at the end of each main section.

How the SRX Processes NAT

The Junos operating system provides a complete and integrated set of NAT tools for the SRX. It departs both from the earlier ScreenOS security policy model and the Junos services interface model of NAT configuration. It depends neither on the disparate MIPs, DIPs, and VIPs of ScreenOS security policy, nor on the logical interface traffic steering of the packet mode Junos services stanza.

NAT is configured in the SRX under the Junos security stanza. It is fully ...
