Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] NAT Traversal (NAT-T) supported scenarios



Article ID: KB17953 KB Last Updated: 20 Nov 2012Version: 12.0
This article provides information about NAT Traversal (NAT-T) supported scenarios.
  • IS NAT-T supported on SRX devices?

  • LAN to LAN VPN.

  • Dynamic VPN.

This article applies to all Junos versions up to and including 11.4.

Note: In the following scenarios, the SRX is the server and the client is the other peer device.

Supported scenarios:

  1. Client behind the NAT device is trying to establish VPN with a server on the Internet:

    Client (Private IP)---NAT-device---INTERNET CLOUD---Server(Public IP address)

  2. Single/many clients are trying to establish VPN through two outbound NATdevices to the VPN server on the Internet:

    code>Client (Private IP)---NAT1-device----NAT2-device----INTERNET CLOUD---Server(Public IP address)

  3. Multiple clients with the same private IP address and each behind their own NAT device, are trying to establish VPN with a server on the Internet:

    Client1 (Private IP)---NAT1-device---INTERNET CLOUD---Server(Public IP address)
    Client2 (Private IP)---NAT2-device---INTERNET CLOUD---Server(Public IP address)

Supported scenarios with JUNOS 11.4R1 and later (NAT devices perform a static 1-to-1 NAT from public to private address):

  1. Client having Public IP addresses are trying to establish VPN with a server behind the NAT device:  
    Client (Internet IP)---INTERNET CLOUD---NAT-device----Server(Private IP address)

  2. Client behind a NAT device is trying to establish VPN with a server behind the NAT device:
    Client (Private IP)---NAT-device---INTERNET CLOUD---NAT-device----Server(Private IP address

  3. Gateway to Gateway tunnel over NAT:

    Server1 (Private IP)---NAT-device---INTERNET CLOUD---NAT-device----Server2(Private IP address)

This issue is addressed in 11.4R1.  

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search