Junos Security by James Quinn, Timothy Eberhard, Patricio Giecco, Brad Woodberg, Rob Cameron

Static NAT

Static NAT enables the translation of flows initiated both to and from a configured address or range of addresses. It accomplishes in one rule-set what would otherwise require a combination of separate source and destination NAT rule-sets. Static translations are always between one address and another address, or one range of addresses and another of equal size. In other words, static NAT requires a one-to-one correspondence between the pre-translation and post-translation addresses. Thus, static NAT provides a simple and effective method of migrating systems to new address space.

Figure 5-14 shows the bidirectional nature of static NAT: a given host’s IP address is translated whether the host initiates communication outbound or receives communication initiated inbound from elsewhere.

Figure 5-14. Static NAT
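
The one-to-one, bidirectional mapping described above can be modeled in a few lines. This is an added illustration, not code from the book and not how Junos implements static NAT; the class name `StaticNatRule` and the sample addresses (documentation ranges plus 10.1.1.0/24) are assumptions made for the example.

```python
import ipaddress


class StaticNatRule:
    """Hypothetical model of one static NAT rule: two equal-size prefixes."""

    def __init__(self, external: str, internal: str):
        self.external = ipaddress.ip_network(external)
        self.internal = ipaddress.ip_network(internal)
        if self.external.version != self.internal.version:
            raise ValueError("address families differ")
        # One-to-one correspondence: both sides must hold the same
        # number of addresses, otherwise some host has no partner.
        if self.external.num_addresses != self.internal.num_addresses:
            raise ValueError("static NAT prefixes must be the same size")

    @staticmethod
    def _remap(addr, src_net, dst_net):
        # Keep the host offset inside the prefix; swap only the network part.
        offset = int(addr) - int(src_net.network_address)
        return dst_net.network_address + offset

    def translate(self, src: str, dst: str):
        """Return the (src, dst) pair after translation, in either direction."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if d in self.external:
            # Inbound: flow addressed to the external prefix,
            # so the destination is rewritten to the internal host.
            d = self._remap(d, self.external, self.internal)
        elif s in self.internal:
            # Outbound: flow initiated by an internal host,
            # so the source is rewritten to its external address.
            s = self._remap(s, self.internal, self.external)
        return str(s), str(d)


if __name__ == "__main__":
    # Constructed sample values, not taken from the book.
    rule = StaticNatRule("203.0.113.0/24", "10.1.1.0/24")
    print(rule.translate("198.51.100.7", "203.0.113.25"))  # inbound
    print(rule.translate("10.1.1.25", "198.51.100.7"))     # outbound
```

Because the mapping works in both directions, every address in the internal prefix has a fixed externally addressable counterpart, so the security policy for that zone pair is what decides which of those hosts are actually reachable.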

Note

Static NAT in the SRX is a superset of ScreenOS MIP configuration.

Now you will walk through an example that creates a static NAT rule-set to statically translate flows originating from the Inet zone and destined to a specific /24 network.

First, enter configuration mode and move the configuration prompt to the static NAT rule-set hierarchy in Junos:

james@SRX5800-1> edit
Entering configuration mode

[edit]
james@SRX5800-1# edit security nat static rule-set Internet

Now use the set command to configure the new static NAT rule-set for traffic originated ...
