ebook img

Junos® OS Network Address Translation Feature Guide for Security Devices PDF

354 Pages·2016·3.45 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Junos® OS Network Address Translation Feature Guide for Security Devices

Junos® OS Network Address Translation User Guide Published 2022-12-14 ii Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Junos® OS Network Address Translation User Guide Copyright © 2022 Juniper Networks, Inc. All rights reserved. The information in this document is current as of the date on the title page. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA. iii Table of Contents About This Guide | xvi 1 Overview NAT Overview | 2 Introduction to NAT | 2 Understanding NAT Rule Sets and Rules | 3 NAT Configuration Overview | 8 Configuring NAT Using the NAT Wizard | 8 Example: Configuring NAT for Multiple ISPs | 9 Requirements | 9 Overview | 9 Configuration | 9 Verification | 24 Configuring Proxy ARP for NAT (CLI Procedure) | 24 Configuring NAT trace options | 25 Monitoring NAT Incoming Table Information | 27 Monitoring Interface NAT Port Information | 29 2 Types of NAT Source NAT | 32 Understanding Source NAT | 33 Understanding Central Point Architecture Enhancements for NAT | 34 Optimizing Source NAT Performance | 35 Monitoring Source NAT Information | 38 Source NAT Configuration Overview | 47 Example: Configuring Source NAT for Egress Interface Translation | 47 Requirements | 47 iv Overview | 48 Configuration | 51 Verification | 53 Example: Configuring Source NAT for Single Address Translation | 54 Requirements | 54 Overview | 55 Configuration | 58 Verification | 61 Example: Configuring Source and Destination NAT Translations | 62 Requirements | 62 Overview | 63 Configuration | 65 Verification | 70 Understanding Source NAT Rules | 72 Example: Configuring Source NAT with Multiple Rules | 73 Requirements | 73 Overview | 73 Configuration | 78 Verification | 83 Understanding Source NAT Pools | 84 Understanding Source NAT Pool Capacities | 86 Understanding Persistent Addresses for Source NAT Pools | 87 Example: Configuring Capacity for Source NAT Pools with PAT | 88 Requirements | 88 Overview | 88 Configuration | 88 Verification | 90 Understanding Source NAT Pools with Address Pooling | 91 Understanding Source NAT Pools with Address Shifting | 91 Example: Configuring Source NAT Pools with Address Shifting | 92 Requirements | 92 v Overview | 93 Configuration | 96 Verification | 99 Understanding Source NAT Pools with PAT | 100 Example: Configuring Source NAT for Multiple Addresses with PAT | 101 Requirements | 101 Overview | 102 Configuration | 105 Verification | 108 Understanding Source NAT Pools Without PAT | 109 Example: Configuring a Single IP Address in a Source NAT Pool Without PAT | 110 Requirements | 111 Overview | 111 Configuration | 111 Verification | 114 Example: Configuring Multiple Addresses in a Source NAT Pool Without PAT | 115 Requirements | 115 Overview | 116 Configuration | 119 Verification | 122 Understanding Shared Addresses in Source NAT Pools without PAT | 123 Understanding NAT Session Persistence | 124 Configure Port Block Allocation Size | 126 Configuring the NAT Session Hold Timeout and NAT Session Persistence Scan | 128 Understanding NAT Configuration Check on Egress Interfaces after Reroute | 129 Destination NAT | 131 Understanding Destination NAT | 131 Understanding Destination NAT Address Pools | 132 Understanding Destination NAT Rules | 133 Destination NAT Configuration Overview | 133 vi Example: Configuring Destination NAT for Single Address Translation | 134 Requirements | 134 Overview | 134 Configuration | 137 Verification | 141 Example: Configuring Destination NAT for IP Address and Port Translation | 145 Requirements | 145 Overview | 145 Configuration | 148 Verification | 152 Example: Configuring Destination NAT for Subnet Translation | 153 Requirements | 153 Overview | 154 Configuration | 157 Verification | 160 Monitoring Destination NAT Information | 161 Static NAT | 165 Understanding Static NAT | 165 Understanding Static NAT Rules | 166 Static NAT Configuration Overview | 167 Example: Configuring Static NAT for Single Address Translation | 167 Requirements | 167 Overview | 167 Configuration | 170 Verification | 173 Example: Configuring Static NAT for Subnet Translation | 174 Requirements | 175 Overview | 175 Configuration | 178 Verification | 181 Example: Configuring Static NAT for Port Mapping | 182 vii Requirements | 183 Overview | 183 Configuration | 186 Verification | 190 Troubleshooting | 191 Monitoring Static NAT Information | 192 3 NAT Configuration Options Persistent NAT and NAT64 | 197 Understanding Persistent NAT and NAT64 | 197 Understanding Session Traversal Utilities for NAT (STUN) Protocol | 199 Understanding NAT64 IPv6 Prefix to IPv4 Address-Persistent Translation | 200 Persistent NAT and NAT64 Configuration Overview | 202 Example: Configuring Address Persistent NAT64 Pools | 203 Requirements | 204 Overview | 204 Configuration | 204 Verification | 207 Example: Supporting Network Configuration By Configuring Persistent NAT with Interface NAT | 207 Requirements | 208 Overview | 208 Configuration | 210 Verification | 214 Example: Configuring Address-Dependent Filtering for IPv6 Clients | 216 Requirements | 216 Overview | 216 Configuration | 217 Verification | 220 Example: Configuring Endpoint-Independent Filtering for IPv6 Clients | 221 Requirements | 221 Overview | 221 viii Configuration | 222 Verification | 225 Example: Setting Maximum Persistent NAT Bindings | 226 Requirements | 226 Overview | 226 Configuration | 227 Verification | 228 Persistent NAT Hairpinning Overview | 228 Example: Configuring Persistent NAT Hairpinning with Source NAT Pool with Address Shifting | 230 Requirements | 231 Overview | 231 Configuration | 233 Verification | 236 NAT for Multicast Flows | 238 Understanding NAT for Multicast Flows | 238 Example: Configuring NAT for Multicast Flows | 239 Requirements | 239 Overview | 240 Configuration | 242 Verification | 250 IPv6 NAT | 252 IPv6 NAT Overview | 252 IPv6 NAT PT Overview | 255 IPv6 NAT-PT Communication Overview | 256 Example: Configuring an IPv4-Initiated Connection to an IPv6 Node Using Default Destination Address Prefix Static Mapping | 257 Requirements | 257 Overview | 257 Configuration | 258 Verification | 261 Example: Configuring an IPv4-Initiated Connection to an IPv6 Node Using Static Destination Address One-to-One Mapping | 262 ix Requirements | 262 Overview | 262 Configuration | 263 Verification | 266 Example: Configuring an IPv6-Initiated Connection to an IPv4 Node Using Default Destination Address Prefix Static Mapping | 267 Requirements | 267 Overview | 267 Configuration | 268 Verification | 271 Example: Configuring an IPv6-Initiated Connection to an IPv4 Node Using Static Destination Address One-to-One Mapping | 273 Requirements | 273 Overview | 273 Configuration | 274 Verification | 277 IPv6 Dual-Stack Lite | 278 Understanding IPv6 Dual-Stack Lite | 278 Example: Configuring IPv6 Dual-Stack Lite | 281 Requirements | 282 Overview | 282 Configuration | 282 Verification | 283 NAT for VRF Routing Instance | 284 NAT Overview | 285 Example: Configuring Source NAT to convert the private IP address of a VRF instance to the private IP address of another VRF instance | 285 Requirements | 285 Overview | 286 Configuration | 286 Example: Configuring Destination NAT to Convert Public IP Address to VRF’s Single Private IP Address of a VRF instance | 293 Requirements | 293 x Overview | 293 Configuration | 294 Verification | 299 Example: Configuring Static NAT to Convert the Private IP Address of a VRF Instance to Public IP Address | 300 Requirements | 300 Overview | 300 Configuration | 301 Verification | 305 NAT for VRF group | 307 Overview | 307 Example: Configuring Source NAT to convert the private IP address of a VRF Group to the private IP address of different VRF instance | 307 Requirements | 308 Overview | 308 Configuration | 308 Example: Configuring Destination NAT to Convert Public IP Address of a VRF Group to the private IP address of different VRF instance | 313 Requirements | 314 Overview | 314 Configuration | 315 Verification | 318 4 Configuration Statements address (Security ARP Proxy) | 324 address (Security Destination NAT) | 325 address (Security NDP Proxy) | 327 address-mapping | 328 address-persistent (Security Source NAT) | 330 address-persistent (Security Source NAT Pool) | 331 address-pooling (Security Source NAT) | 333 address-shared (Security Source NAT) | 335

Description:
YEAR 2000 NOTICE. Juniper Networks hardware . Example: Configuring Destination NAT for IP Address and Port Translation . 114. Example:
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.