Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What limitations or requirements are there for NAT-dst?

0

0

Article ID: KB6921 KB Last Updated: 09 Jul 2010Version: 3.0
Summary:
What limitations or requirements are there for NAT-dst?
Symptoms:
Destination NAT
Solution:

Are there limitations and requirements for destination NAT configurations?

Yes. 

  • Only one continuous address range is permitted in the destination address field of the policy
    • To accommodate disjointed destination address ranges, define multiple policies.
  • Any packet whose destination IP fails off the destination range (due to the DIP pool address have been depleted), it will not be translated.  It will be sent to the original destination address; the packet will not be dropped.
  • The NetScreen device must have routes in its routing table to both the original destination network and the translated destination address.
  • For one-to-one and many-to one NAT-dst configurations, the original destination IP address and the translated destination address must be in the same security zone. 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search