Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What are the possible modes of operation when using policy based NAT?

0

0

Article ID: KB6076 KB Last Updated: 09 Jun 2010Version: 3.0
Summary:
What are the possible modes of operation when using policy based NAT?
Symptoms:
Different operation modes with policy based NAT

Solution:
  1. NAT Off : Route Mode
  2. NAT On, DIP OFF :
    This is the Port Address translation (PAT).   This is the traditional NAT Mode.
  3. NAT On, DIP OFF, Fix Port :
    Translates trust IP addresses to the IP of the outgoing interface (untrust interface for ScreenOS 3.0.x and below), but doesn't translate the port.  If a duplicate port is used by a source, they are not allowed to be translated because the port is already used for a mapping.
  4. NAT On, DIP On, DIP Fix Port On (Like allocating a number of MIPs to use):
    A Dynamic IP (DIP) is an IP Address Range.  This is NOT IPPool.

    Example:  IP address range containing 5 DIPs.
    Only 5 Hosts can be translated. Any new request is dropped. Ports are not translated for any address in the range. (This is classic NAT pools)
  5. NAT On, DIP On, DIP Fix Port Off:
     If you have an address range containing 5 DIPs, the NetScreen will use round robin to select a DIP for each address that needs to be translated.  PAT is used for each Address in the range.
     
     Other Advantages: Each policy can use its own DIP with Fix Port off.

Here is the problem or goal:

  • Different operation modes with policy based NAT
  • What are the possible modes of operation when using policy based NAT?

Applicable Products:

  • NetScreen-5
  • NetScreen-5XP
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500
  • NetScreen-1000

Applicable ScreenOS:

  • 2.6.1
  • 2.7.1
  • 2.8.0
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.1.0


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search