JUNOSe 11.0.x IP Services Configuration Guide
4.
NOTE: This pool is purposely smaller than the size of the company network because
not all private hosts are likely to access the public network at the same time.
5.
6.
7.
NOTE: This pool is purposely small, allowing for only a few connections.
8.
9.
10.
NOTE: An inside host cannot directly access hosts on the outside network that use
addresses that overlap with the inside subnetwork. However, by using outside source
translation and DNS name resolution, the NAT router can install translations so inside
hosts can access these outside hosts by using nonoverlapping addresses.
84
NAT Configuration Examples
host1:blue(config-interface)#exit
Create the address pool for inside source translations.
host1:blue(config)#ip nat pool entAoutpool 12.220.1.0 12.220.255.255
prefix-length 16
Create the access list for addresses eligible for dynamic translation.
host1:blue(config)#access-list entAout permit 15.12.0.0 0.0.255.255
Create the dynamic translation rule for outbound traffic.
host1:blue(config)#ip nat inside source list entAout pool entAoutpool
Create the address pool for outside source translations.
Using an address range of 10.1.32.0/8 prevents any overlap with the private
network (15.12.0.0/16).
host1:blue(config)#ip nat pool entAinpool 10.1.32.1 10.1.32.255
prefix-length 16
Configure the access list for global addresses that overlap with inside addresses.
host1:blue(config)#access-list entAin permit 15.12.0.0 0.0.255.255
Create the dynamic translation rule for inbound traffic.
host1:blue(config)#ip nat outside source list entAin pool entAinpool
Create one of the following:
A route to the outside interface for inside hosts to access outside hosts that
have overlapping addresses.
host1:blue(config)#ip route 10.1.32.0 255.255.255.0 atm 3/0.1
A default route to the outside interface.
host1:blue(config)#ip route 0.0.0.0 0.0.0.0 atm 3/0.1