
Configuring Destination NAT and Port Translation on MX Series Juniper

Here I describe how to configure destination NAT, mapping a public address to a private address, on a Juniper MX Series router.

Destination NAT: Destination NAT is the translation of the destination IP address of a packet entering the Juniper Networks device. Destination NAT is used to redirect traffic destined to a virtual host to the real host.

Destination NAT is performed on incoming packets, when the firewall/Router translates a public destination address to a private address.

The topology of this example is:

Step By Step configuration 

Router 1(R1) 

Step 1 : Create destination NAT pools 

# set services nat pool pool1 address 198.168.91.100/32

Step 2: Create a destination NAT rule set and direction

# set services nat rule nat-rule1 match-direction input

Step 3: Configure a rule that matches packets and translates the destination address to the address in the pool

# set services nat rule nat-rule1 term 1 from destination-address 172.16.1.30/32
# set services nat rule nat-rule1 term 1 from destination-port range low 800
# set services nat rule nat-rule1 term 1 from destination-port range high 5000
# set services nat rule nat-rule1 term 1 then port-forwarding-mappings map1
# set services nat rule nat-rule1 term 1 then translated destination-pool pool1
# set services nat rule nat-rule1 term 1 then translated translation-type dnat-44

Step 4: Configure port forwarding so that the packet is received with the translated port

# set services nat port-forwarding map1 destined-port 900 translated-port 6000
# set services nat port-forwarding map1 destined-port 1000 translated-port 6500

Step 5: Add the NAT rule to a service set and apply it to the AS-PIC service interface.

# set services service-set svc-set1 nat-rules nat-rule1
# set services service-set svc-set1 interface-service service-interface sp-8/0/0

Step 6 : Configure Interfaces 

# set interfaces ge-0/1/9 unit 0 family inet address 198.168.91.1/24

# set interfaces ge-0/2/9 unit 0 family inet service input service-set svc-set1
# set interfaces ge-0/2/9 unit 0 family inet service output service-set svc-set1
# set interfaces ge-0/2/9 unit 0 family inet address 10.20.41.1/24

Step 7 : Configure Service Interface : 

# set interfaces sp-8/0/0 unit 0 family inet

Router 2(R2) 

Step 1 : Create destination NAT pools 

# set services nat pool pool1 address 198.168.81.100/32

Step 2: Create a destination NAT rule set and direction

# set services nat rule nat-rule2 match-direction input

Step 3: Configure a rule that matches packets and translates the destination address to the address in the pool

# set services nat rule nat-rule2 term 1 from destination-address 172.16.2.2/32
# set services nat rule nat-rule2 term 1 from destination-port range low 500
# set services nat rule nat-rule2 term 1 from destination-port range high 5000
# set services nat rule nat-rule2 term 1 then port-forwarding-mappings map1
# set services nat rule nat-rule2 term 1 then translated destination-pool pool1
# set services nat rule nat-rule2 term 1 then translated translation-type dnat-44

Step 4: Configure port forwarding so that the packet is received with the translated port

# set services nat port-forwarding map1 destined-port 1000 translated-port 7000
# set services nat port-forwarding map1 destined-port 2000 translated-port 6500

Step 5: Add the NAT rule to a service set and apply it to the AS-PIC service interface.

# set services service-set svc-set2 nat-rules nat-rule2
# set services service-set svc-set2 interface-service service-interface sp-8/0/0

Step 6 : Configure Interfaces 

# set interfaces ge-0/2/9 unit 0 family inet service input service-set svc-set2
# set interfaces ge-0/2/9 unit 0 family inet service output service-set svc-set2
# set interfaces ge-0/2/9 unit 0 family inet address 10.20.41.2/24

# set interfaces ge-0/3/0 unit 0 family inet address 198.168.81.1/24

Step 7 : Configure Service Interface : 

# set interfaces sp-8/0/0 unit 0 family inet

 

Verification : 

Go to operational mode:

-> show services stateful-firewall flows

-> show services nat pool
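An offline consistency check for the set commands in the steps above, added here as an example (it is not part of the original tutorial and is not Juniper tooling). It flags a rule with no match-direction, references to undefined pools, maps or rules, and port-forwarding destined-ports outside the term's destination-port range, which the term's from clause would not match. The names `audit_nat` and `BROKEN` and the one-term-per-rule simplification are assumptions of this example.

```python
import re

# R1's NAT commands from the steps above (rule carries match-direction, as on R2).
R1_CONFIG = """
set services nat pool pool1 address 198.168.91.100/32
set services nat rule nat-rule1 match-direction input
set services nat rule nat-rule1 term 1 from destination-address 172.16.1.30/32
set services nat rule nat-rule1 term 1 from destination-port range low 800
set services nat rule nat-rule1 term 1 from destination-port range high 5000
set services nat rule nat-rule1 term 1 then port-forwarding-mappings map1
set services nat rule nat-rule1 term 1 then translated destination-pool pool1
set services nat rule nat-rule1 term 1 then translated translation-type dnat-44
set services nat port-forwarding map1 destined-port 900 translated-port 6000
set services nat port-forwarding map1 destined-port 1000 translated-port 6500
set services service-set svc-set1 nat-rules nat-rule1
"""
# Constructed broken variant: match-direction dropped, one mapping moved out of range.
BROKEN = R1_CONFIG.replace("set services nat rule nat-rule1 match-direction input\n", "")
BROKEN = BROKEN.replace("destined-port 900 ", "destined-port 700 ")

def audit_nat(config):
    """Return consistency findings for set-style NAT lines (assumes one term per rule)."""
    text = "\n".join(re.sub(r"^#\s*", "", l.strip()) for l in config.splitlines())
    find = lambda pat: re.findall(pat, text, re.M)
    pools = set(find(r"^set services nat pool (\S+) "))
    rules = set(find(r"^set services nat rule (\S+) "))
    directed = set(find(r"^set services nat rule (\S+) match-direction "))
    maps, findings = {}, []
    for name, port in find(r"^set services nat port-forwarding (\S+) destined-port (\d+)"):
        maps.setdefault(name, []).append(int(port))
    for rule in sorted(rules):
        term = r"^set services nat rule %s term \S+ " % re.escape(rule)
        if rule not in directed:
            findings.append(f"{rule}: no match-direction")
        low = find(term + r"from destination-port range low (\d+)")
        high = find(term + r"from destination-port range (?:low \d+ )?high (\d+)")
        for pool in find(term + r"then translated destination-pool (\S+)"):
            if pool not in pools:
                findings.append(f"{rule}: pool {pool} is not defined")
        for m in find(term + r"then port-forwarding-mappings (\S+)"):
            if m not in maps:
                findings.append(f"{rule}: port-forwarding map {m} is not defined")
            for port in maps.get(m, []):
                if low and high and not int(low[0]) <= port <= int(high[0]):
                    findings.append(f"{rule}: {m} destined-port {port} outside {low[0]}-{high[0]}")
    for sset, rule in find(r"^set services service-set (\S+) nat-rules (\S+)"):
        if rule not in rules:
            findings.append(f"{sset}: nat-rule {rule} is not defined")
    return findings
```

`audit_nat(R1_CONFIG)` returns an empty list, while `audit_nat(BROKEN)` returns one finding for the missing match-direction and one for destined-port 700. Lines pasted with the leading `# ` used on this page are accepted as they are.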

 

 
