Configuring Source NAT - JUNOS Software Security Configuration Guide

Example: Configuring Source NAT
When performing source Network Address Translation (NAT), source pools provide JUNOS software with a supply of addresses from which to draw. When a NAT rule requires translation and references a specific source pool, JUNOS software draws addresses from that pool when the translation is performed.
Note: When performing source NAT, security policies are applied first, and then the address in question is translated according to the configured NAT source rules.
Before You Begin
For background information, read:
Source IP Address Translation Overview
Understanding NAT Interface Source Pools
Understanding NAT Source Pools with PAT
Understanding NAT Source Pools Without PAT
Understanding NAT Static Source Pools
Understanding NAT Allow-Incoming Source Pools
Example: Configuring Security Policies—Detailed Configuration
Source NAT rules have three available actions:
off — Do not perform source NAT.
pool — Use user-defined source NAT pools to perform source NAT.
interface — Use the egress interface IP address to perform source NAT.
Note: off is a useful command for detailed control when you are configuring source NAT rules. For example, you can configure a rule that says, "if rule A is from zone1 to zone2, do source NAT." However, you do not want to do source NAT if the traffic egresses from interface if2, which belongs to zone2. In that case, you can define a rule B, which is from zone1 to if2, with off as the source NAT action.
In this example, you perform the following tasks:
1. Define a source NAT pool for traffic from routing-instance ri-2 to routing-instance ri-1 with any source IP address and destination IP address 30.1.1.1. Map the source IP address to 10.1.1.1.
2. Define a source NAT pool for traffic from zone z3 or z4 to routing-instance ri-1 with any source IP address and destination IP address 30.1.1.2. Map the source IP address to 10.1.1.2.
3. Define a source NAT pool for traffic from interface fe-0/0/0.0 or fe-0/0/1.0 to interface ge-1/0/0.0 or ge-1/0.1.0 with any source IP address and destination IP address 30.1.1.3. Map the source IP address to 10.1.1.3.
4. Define a source NAT pool for traffic from routing-instance ri-2 to zone z2 with any source IP address and destination IP address 30.1.1.4. Map the source IP address to 10.1.1.4.
5. Define a source NAT pool for traffic from routing-instance ri-2 to routing-instance ri-1 with any source IP address and destination IP address 30.1.1.5. Map the source IP address to 10.1.1.5.
CLI Configuration
user@host# set security nat source pool spool-1 routing-instance ri-1
user@host# set security nat source pool spool-1 address 10.1.1.1
user@host# set security nat source pool spool-2 routing-instance ri-1
user@host# set security nat source pool spool-2 address 10.1.1.2
user@host# set security nat source pool spool-3 routing-instance ri-1
user@host# set security nat source pool spool-3 address 10.1.1.3
user@host# set security nat source pool spool-4 routing-instance ri-1
user@host# set security nat source pool spool-4 address 10.1.1.4
user@host# set security nat source pool spool-5 routing-instance ri-1
user@host# set security nat source pool spool-5 address 10.1.1.5
user@host# set security nat source rule-set rs1 from routing-instance ri-2
user@host# set security nat source rule-set rs1 to routing-instance ri-1
user@host# set security nat source rule-set rs1 rule r1 match destination-address 30.1.1.1
user@host# set security nat source rule-set rs1 rule r1 then source-nat pool spool-1
user@host# set security nat source rule-set rs1 rule r5 match destination-address 30.1.1.5
user@host# set security nat source rule-set rs1 rule r5 then source-nat pool spool-5
user@host# set security nat source rule-set rs2 from zone [z3 z4]
user@host# set security nat source rule-set rs2 to routing-instance ri-1
user@host# set security nat source rule-set rs2 rule r2 match destination-address 30.1.1.2
user@host# set security nat source rule-set rs2 rule r2 then source-nat pool spool-2
user@host# set security nat source rule-set rs3 from interface [fe-0/0/0.0 fe-0/0/1.0]
user@host# set security nat source rule-set rs3 to interface [ge-1/0/0.0 ge-1/0.1.0]
user@host# set security nat source rule-set rs3 rule r3 match destination-address 30.1.1.3
user@host# set security nat source rule-set rs3 rule r3 then source-nat pool spool-3
user@host# set security nat source rule-set rs4 from routing-instance ri-2
user@host# set security nat source rule-set rs4 to zone z2
user@host# set security nat source rule-set rs4 rule r4 match destination-address 30.1.1.4
user@host# set security nat source rule-set rs4 rule r4 then source-nat pool spool-4
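To see how a flow ends up in one of the rule-sets above, and how the note's rule B with off switches translation off for one egress interface, here is an added Python model. It is not Juniper's code and is not part of this guide. Because the page does not say how competing rule-sets are ordered, the model assumes that exactly one rule-set handles a packet, chosen by preferring an interface context over a zone context over a routing-instance context, and that only that rule-set's rules are consulted. It also renders the configuration as set statements so that each emitted line can be compared with the CLI above. The packet addresses, the if0/if1 interface names and the rsA/rsB rule-set names are constructed; zone1, zone2, if2 and the pools, rule-sets and rules come from the page.

```python
"""Toy model of how JUNOS selects a source NAT rule-set and rule (added example; constructed data).

Assumptions the page does not state: a packet is handled by exactly one rule-set, chosen by
matching its from/to context and preferring interface over zone over routing-instance
contexts; inside that rule-set the first rule whose destination-address matches decides
the action, and no other rule-set is consulted.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

RANK = {"interface": 0, "zone": 1, "routing-instance": 2}  # assumed precedence, lower wins


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ingress: Dict[str, str]  # context kind -> value, e.g. {"zone": "z3", "routing-instance": "ri-2"}
    egress: Dict[str, str]


@dataclass
class Rule:
    name: str
    dst_match: str  # destination-address prefix; "0.0.0.0/0" means any
    action: str  # "off", "pool" or "interface": the three actions the page lists
    pool: Optional[str] = None


@dataclass
class RuleSet:
    name: str
    from_kind: str
    from_vals: Tuple[str, ...]
    to_kind: str
    to_vals: Tuple[str, ...]
    rules: List[Rule] = field(default_factory=list)

    def matches(self, pkt: Packet) -> bool:
        return (pkt.ingress.get(self.from_kind) in self.from_vals
                and pkt.egress.get(self.to_kind) in self.to_vals)

    def set_commands(self) -> List[str]:
        """Render the rule-set as 'set security nat source rule-set' statements."""
        def fmt(vals: Tuple[str, ...]) -> str:
            return vals[0] if len(vals) == 1 else "[" + " ".join(vals) + "]"
        base = f"set security nat source rule-set {self.name}"
        out = [f"{base} from {self.from_kind} {fmt(self.from_vals)}",
               f"{base} to {self.to_kind} {fmt(self.to_vals)}"]
        for r in self.rules:
            out.append(f"{base} rule {r.name} match destination-address {r.dst_match}")
            then = f"{base} rule {r.name} then source-nat {r.action}"
            out.append(then + (f" {r.pool}" if r.action == "pool" else ""))
        return out


def pool_commands(pools: Dict[str, str], routing_instance: str) -> List[str]:
    """Render single-address pools as 'set security nat source pool' statements."""
    return [cmd for name, addr in pools.items() for cmd in (
        f"set security nat source pool {name} routing-instance {routing_instance}",
        f"set security nat source pool {name} address {addr}")]


def select_rule_set(pkt: Packet, rule_sets: List[RuleSet]) -> Optional[RuleSet]:
    hits = [rs for rs in rule_sets if rs.matches(pkt)]
    return min(hits, key=lambda rs: (RANK[rs.from_kind], RANK[rs.to_kind]), default=None)


def translate(pkt: Packet, rule_sets: List[RuleSet], pools: Dict[str, str],
              egress_addrs: Dict[str, str]) -> Tuple[Optional[str], str]:
    """Return ("rule-set/rule" that applied, or None) and the source address after NAT."""
    rs = select_rule_set(pkt, rule_sets)
    if rs is None:
        return None, pkt.src
    for rule in rs.rules:
        if ip_address(pkt.dst) in ip_network(rule.dst_match, strict=False):
            tag = f"{rs.name}/{rule.name}"
            if rule.action == "off":
                return tag, pkt.src
            if rule.action == "interface":  # egress interface address, supplied by the caller
                return tag, egress_addrs[pkt.egress["interface"]]
            return tag, pools[rule.pool]
    return None, pkt.src  # no rule in the chosen rule-set matched: no translation


# The page's five pools and four rule-sets.
POOLS = {f"spool-{i}": f"10.1.1.{i}" for i in range(1, 6)}
PAGE_RULE_SETS = [
    RuleSet("rs1", "routing-instance", ("ri-2",), "routing-instance", ("ri-1",),
            [Rule("r1", "30.1.1.1", "pool", "spool-1"), Rule("r5", "30.1.1.5", "pool", "spool-5")]),
    RuleSet("rs2", "zone", ("z3", "z4"), "routing-instance", ("ri-1",),
            [Rule("r2", "30.1.1.2", "pool", "spool-2")]),
    RuleSet("rs3", "interface", ("fe-0/0/0.0", "fe-0/0/1.0"), "interface", ("ge-1/0/0.0", "ge-1/0.1.0"),
            [Rule("r3", "30.1.1.3", "pool", "spool-3")]),
    RuleSet("rs4", "routing-instance", ("ri-2",), "zone", ("z2",),
            [Rule("r4", "30.1.1.4", "pool", "spool-4")]),
]

# The page's note on "off": rule A translates zone1 -> zone2; rule B switches NAT off for
# traffic leaving through if2, which belongs to zone2 (rsA, rsB, if1 are constructed names).
NOTE_RULE_SETS = [
    RuleSet("rsA", "zone", ("zone1",), "zone", ("zone2",), [Rule("A", "0.0.0.0/0", "pool", "spool-1")]),
    RuleSet("rsB", "zone", ("zone1",), "interface", ("if2",), [Rule("B", "0.0.0.0/0", "off")]),
]


def demo_off_rule() -> Tuple[Tuple[Optional[str], str], Tuple[Optional[str], str]]:
    """Same constructed flow leaving via if1 (rule A translates) and via if2 (rule B, untouched)."""
    via_if1 = Packet("192.0.2.10", "198.51.100.1", {"zone": "zone1"}, {"zone": "zone2", "interface": "if1"})
    via_if2 = Packet("192.0.2.10", "198.51.100.1", {"zone": "zone1"}, {"zone": "zone2", "interface": "if2"})
    return translate(via_if1, NOTE_RULE_SETS, POOLS, {}), translate(via_if2, NOTE_RULE_SETS, POOLS, {})


if __name__ == "__main__":
    for line in pool_commands(POOLS, "ri-1") + [c for rs in PAGE_RULE_SETS for c in rs.set_commands()]:
        print(line)
    print(demo_off_rule())
```

Running the script prints the same set statements as the CLI configuration above, then the two results for the note's scenario: the flow leaving via if1 gets source 10.1.1.1 from spool-1, while the flow leaving via if2 keeps 192.0.2.10 because the interface-specific rule-set with off wins under the model's precedence assumption. A flow from zone z3 in ri-2 to ri-1 matches both rs1 and rs2; under the same assumption rs2 is chosen, so a destination of 30.1.1.1 from that zone would not be translated at all, which is the kind of overlap worth checking before committing.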
Copyright© 1999-2010 Juniper Networks, Inc.