Juniper NAT Configuration in SRX


There are different types of NAT that you can configure, depending on your requirements: source NAT, destination NAT and static NAT. This post gives an example of static NAT that is based on a pool.

First, you need to create a pool. Here I use a single IP, 1.1.1.1/32, in my pool. This is the public IP.
My pool name is “WAN-Pool”, but you can give it any name. If you want, you can put multiple IPs into a pool; I will give a separate example of that.


# set security nat source pool WAN-Pool address 1.1.1.1/32

Second, you need to declare the zone information for the NAT source rule-set.
Here I go from TRUST to UNTRUST.
My rule-set name is “trust-to-untrust”; you can use any name you like.

# set security nat source rule-set trust-to-untrust from zone trust
# set security nat source rule-set trust-to-untrust to zone untrust

Third, you need to declare the allowed private source IP block. Here I use 192.168.0.0/24.

# set security nat source rule-set trust-to-untrust rule SNAT match source-address 192.168.0.0/24

Finally, reference the pool you have just created, “WAN-Pool”:

# set security nat source rule-set trust-to-untrust rule SNAT then source-nat pool WAN-Pool

Now the LAN-side IP addresses in the 192.168.0.0/24 block can reach the internet with the translated IP 1.1.1.1. The full configuration looks like this:

# show security
nat {
    source {
        pool WAN-Pool {
            address {
                1.1.1.1/32;
            }
        }
        rule-set trust-to-untrust {
            from zone trust;
            to zone untrust;
            rule SNAT {
                match {
                    source-address 192.168.0.0/24;
                }
                then {
                    source-nat {
                        pool {
                            WAN-Pool;
                        }
                    }
                }
            }
        }
    }

}
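
An offline consistency check for the four steps above, as an added example that is not part of the original post: it parses the `set` commands, reports a rule-set with a missing zone, a rule with no match, or a rule that names an undefined pool, and shows which source addresses would be translated. The function names (`parse`, `audit`, `translate`) are assumptions made for this example, and it understands only the statements used on this page.

```python
import ipaddress
# Constructed sample: the commands from the steps above, as typed at the '#' prompt.
CONFIG = """# set security nat source pool WAN-Pool address 1.1.1.1/32
# set security nat source rule-set trust-to-untrust from zone trust
# set security nat source rule-set trust-to-untrust to zone untrust
# set security nat source rule-set trust-to-untrust rule SNAT match source-address 192.168.0.0/24
# set security nat source rule-set trust-to-untrust rule SNAT then source-nat pool WAN-Pool"""

def parse(config):
    """Collect pools and rule-sets from 'set security nat source ...' lines."""
    pools, rule_sets = {}, {}
    for line in config.splitlines():
        tail = line.partition("set security nat source ")[2]  # "" for other lines
        r = tail.strip().rstrip(";").split() + [""] * 8  # pad so short lines index safely
        if r[0] == "pool" and r[2] == "address":
            pools.setdefault(r[1], []).append(ipaddress.ip_network(r[3]))
        elif r[0] == "rule-set":
            rs = rule_sets.setdefault(r[1], {"rules": {}})
            if r[2] in ("from", "to") and r[3] == "zone":
                rs[r[2]] = r[4]
            elif r[2] == "rule":
                rule = rs["rules"].setdefault(r[3], {"match": [], "pool": None})
                if r[4:6] == ["match", "source-address"]:
                    rule["match"].append(ipaddress.ip_network(r[6]))
                elif r[4:7] == ["then", "source-nat", "pool"]:
                    rule["pool"] = r[7]
    return pools, rule_sets

def audit(pools, rule_sets):
    """Return findings for rule-sets that would not translate as intended."""
    findings = []
    for name, rs in rule_sets.items():
        findings += [f"{name}: no '{d} zone'" for d in ("from", "to") if d not in rs]
        for rname, rule in rs["rules"].items():
            if not rule["match"]:
                findings.append(f"{name}/{rname}: no match source-address")
            if rule["pool"] not in pools:
                findings.append(f"{name}/{rname}: pool {rule['pool']} is not defined")
    return findings

def translate(pools, rule_sets, from_zone, to_zone, src):
    """Pool prefixes the source is rewritten to, or None if no rule matches."""
    ip = ipaddress.ip_address(src)
    for rs in rule_sets.values():
        if (rs.get("from"), rs.get("to")) == (from_zone, to_zone):
            for rule in rs["rules"].values():
                if any(ip in net for net in rule["match"]) and rule["pool"] in pools:
                    return [str(n) for n in pools[rule["pool"]]]
    return None
```

A source outside 192.168.0.0/24, or traffic in the untrust-to-trust direction, returns `None`, meaning this rule-set leaves it untranslated.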
