JunosE 11.3.x IP Services Configuration Guide
ip nat inside source list
CAUTION: You must mark interfaces that participate in NAT translation as
on the inside or the outside network. See "Specifying Inside and Outside
Interfaces" on page 69 for details.
You can create a dynamic translation rule to configure inside source or outside source
translation. If the NAT router cannot locate a matching entry in its translation database
for a given packet, it evaluates the access list of all applicable dynamic translation rules
(inside source translation rules for outbound packets and outside source translation rules
for inbound packets) against the packet. If an access list permits translation, the NAT
router tries to allocate an address from the associated address pool to install a new
translation.
When you create dynamic translation rules, keep the following in mind:
- You can associate a list with one pool at any given time. Associating a list with a different pool replaces the previous association.
- The optional overload keyword for inside source translation specifies that the router employ NAPT.
- You can configure dynamic NAPT for inside source translation only; you cannot configure dynamic NAPT for outside source translation.
- When no match occurs for any dynamic translation rule, the NAT router does not translate the packet.
- When an address pool is empty, the NAT router drops the packet.
- Access lists and pools do not have to exist when you are defining dynamic translation rules; you may create them after you define the dynamic translations.
Creating Dynamic Inside Source Translation Rules
Use the ip nat inside source list command to create a dynamic inside source translation rule. This command creates a translation rule that:
- Translates inside local source addresses to inside global addresses when packets from the inside network are routed to the outside network
- Translates outside local source addresses to outside global addresses when packets from the outside network are routed to the inside network
Use the overload keyword to specify that the translation create NAPT entries (protocol,
port, and address) in the NAT table.
The no version of this command removes the dynamic translation rule, but does not
remove any previously created translations (resulting from the rule evaluation) from the
translation table. To remove active translations from the translation table, see "Clearing
Dynamic Translations" on page 76.
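The decision path described in this section (translation-table lookup, access-list evaluation, pool allocation, and the effect of the no version), as an added Python model that is not JunosE or Juniper code. Class, rule, and pool names and all addresses are constructed for illustration; NAPT (overload) is not modeled, and an undefined pool is assumed to behave like an empty one.

```python
# Simplified model of dynamic inside source translation; all names are hypothetical.
import ipaddress

class NatRouter:
    def __init__(self):
        self.table = {}   # inside local address -> inside global address
        self.rules = {}   # access list name -> pool name (one pool per list)
        self.acls = {}    # access list name -> permitted source networks
        self.pools = {}   # pool name -> free inside global addresses

    def add_rule(self, acl, pool):
        # Associating a list with a different pool replaces the old association.
        self.rules[acl] = pool

    def remove_rule(self, acl):
        # "no" version: the rule is removed, installed translations are kept.
        self.rules.pop(acl, None)

    def outbound(self, src):
        """Return (action, translated source or None) for an inside packet."""
        if src in self.table:                    # existing translation is used first
            return "translate", self.table[src]
        addr = ipaddress.ip_address(src)
        for acl, pool in self.rules.items():
            nets = self.acls.get(acl, [])        # the list may not be defined yet
            if not any(addr in ipaddress.ip_network(n) for n in nets):
                continue
            free = self.pools.get(pool, [])      # assumption: undefined pool == empty
            if not free:
                return "drop", None              # permitted, but the pool is empty
            self.table[src] = free.pop(0)        # install a new translation
            return "translate", self.table[src]
        return "forward-untranslated", None      # no dynamic rule matched

def demo():
    r = NatRouter()
    r.add_rule("inside-hosts", "pool-a")         # rule defined before list and pool
    r.acls["inside-hosts"] = ["10.1.1.0/24"]     # constructed access list
    r.pools["pool-a"] = ["192.0.2.10"]           # constructed one-address pool
    out = [r.outbound("10.1.1.5"),               # permitted, address available
           r.outbound("10.1.1.6"),               # permitted, pool now empty
           r.outbound("10.9.9.9")]               # not permitted by any list
    r.remove_rule("inside-hosts")
    out.append(r.outbound("10.1.1.5"))           # old entry survives rule removal
    return out
```

The last result is the one to check for after a rule change: a host whose translation was installed earlier keeps being translated until the translation table is cleared.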
Copyright © 2010, Juniper Networks, Inc.