Table of Contents
Advertisement
Configuring NAT Objects
Configuring DIP Objects
Copyright © 2010, Juniper Networks, Inc.
Select a color to represent the routing instance object.
4.
Enter a comment or description about the routing instance object.
5.
In the New Routing Instance dialog box, click the Add icon. The New Routing Instance
6.
Entry dialog box appears.
Enter the name of the domain where you want to create the routing instance object.
7.
Enter the name of the device in which you want to create the routing instance.
8.
Select a routing instance from the routing instance drop-down list box and click OK.
9.
If no routing instance is available, you need to create a routing instance using the
Add icon in the New Routing Instance Entry dialog box. For details on adding routing
instances, see the JUNOS Routing Protocols Configuration Guide.
A global NAT object contains references to device-specific NAT configurations, enabling
multiple devices to share a single object.
Use the Device Manager to configure NAT for each device, then create a global NAT
object that includes the device-specific NAT configuration. The single global NAT object
represents multiple device-specific NAT objects; for example, a global DIP represents
multiple device-specific DIPs. However, a global NAT object can contain only one
device-specific NAT object from the same device.
Use global NAT objects in VPNs; when you install the VPN on a device, that device
automatically replaces the global NAT object with its device-specific NAT configuration.
Before you configure a shared NAT object, ensure that you have configured the MIP, VIP,
or DIP on the device itself.
You cannot configure NAT objects for SRX Series Services Gateways and use them in
security policies. For SRX Series gateways, NAT settings must be configured in the device.
In Object Manager, select NAT Objects > DIP and click the Add icon. Enter a name, color,
IP version (IPv4 or IPv6), and comment for the object, then click the Add icon to specify
the device-specific DIP:
Device—Select the security device that includes the DIP.
Interface or DIP Group—Select the interface or DIP group for the device.
For interface, select the interface on the device and the dynamic IP address
configuration for that interface.
For DIP group, select the dynamic IP group configuration for that device.
If no values appear in the pull-down menu for interface, DIP, or DIP group, ensure that
you have configured DIP correctly in the Device Manager.
You can add multiple device DIPs to a single global DIP object (one DIP per device).
Chapter 8: Configuring Objects
411
Advertisement
Table of Contents
