Table of Contents
Advertisement
Configuring Legacy NAT Objects
Copyright © 2010, Juniper Networks, Inc.
A global NAT object contains references to device-specific NAT configurations, enabling
multiple devices to share a single object. Use the Device Manager to configure NAT for
each device, then create a global NAT object that includes the device-specific NAT
configuration. The single global NAT object represents multiple device-specific NAT
objects; for example, a global dynamic IP (DIP) represents multiple device-specific DIPs.
However, a global NAT object can contain only one device-specific NAT object from the
same device.
Use global NAT objects in VPNs; when you install the VPN on a device, that device
automatically replaces the global NAT object with its device-specific NAT configuration.
Before you configure a shared NAT object, ensure that you have configured the mapped
IP (MIP), virtual IP (VIP), or DIP on the device itself.
You cannot configure NAT objects for SRX Series Services Gateways and use them in
security policies. For SRX Series gateways, NAT settings must be configured in the device.
For more information on DIP, MIP, and VIP objects, see the following sections:
Configuring DIP Objects on page 415
Configuring MIP Objects on page 416
Configuring VIP Objects on page 416
Configuring Destination NAT Objects on page 416
Configuring DIP Objects
To configure a DIP object:
In Object Manager, select NAT Objects > DIP and click the Add icon.
1.
Enter a name, color, IP version (IPv4 or IPv6), and comment for the object, then click
2.
the Add icon to specify the device-specific DIP:
Device—Select the security device that includes the DIP.
Interface or DIP Group—Select the interface or DIP group for the device.
For interface, select the interface on the device and the dynamic IP address
configuration for that interface.
For DIP group, select the dynamic IP group configuration for that device.
If no values appear in the pull-down menu for interface, DIP, or DIP group, make sure that
you have configured DIP correctly in the Device Manager.
You can add multiple device DIPs to a single global DIP object (one DIP per device).
Chapter 8: Configuring Objects
415
Advertisement
Table of Contents
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers