Juniper® Lab Exercises Exam Notes : Configuring Source Nat Using Multiple Rules

12. Configuring Source NAT using multiple rules

Description: This lab exercise explains how to configure source NAT according to a given set of instructions: one rule set whose rules translate two subnets to separate pools and exempt one address from translation.

Network Diagram:

[Network diagram: Configuring Source NAT using multiple rules]

Instructions:

1. Create a source NAT pool srcnatpool1

2. Create a source NAT pool srcnatpool2

3. Create source NAT rule set rs1 with rule r1 to match packets with a source IP address in the 10.10.1.0/24 subnet. For matching packets, the source address is translated to an IP address in the srcnatpool1 pool.

4. Apply rule r2 to match packets with a source IP address of 192.168.1.2/24. For matching packets, there is no NAT translation performed.

5. Apply rule r3 to match packets with a source IP address in the 192.168.1.0/24 subnet. For matching packets, the source address is translated to an IP address in the srcnatpool2 pool.

6. From operational mode, enter show security nat source summary to verify the result.

Original Source IP    Translated Source IP
10.10.1.0/24          192.0.0.0/24-192.0.0.24
192.168.1.0/24        192.0.0.100-192.0.0.249 (no port translation)
192.168.1.2/24        no source NAT translation

On R1

user@R1> configure
[edit]
user@R1# edit security nat source
[edit security nat source]
user@R1# set pool srcnatpool1 address 192.0.0.1/24 to 192.0.0.24/24
[edit security nat source]
user@R1# set pool srcnatpool2 address 192.0.0.100/24 to 192.0.0.249/24
[edit security nat source]
user@R1# set rule-set rs1 from zone trust
[edit security nat source]
user@R1# set rule-set rs1 to zone untrust
[edit security nat source]
user@R1# set rule-set rs1 rule r1 match source-address 10.10.1.0/24
[edit security nat source]
user@R1# set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1# set rule-set rs1 rule r1 then source-nat pool srcnatpool1
[edit security nat source]
user@R1# set rule-set rs1 rule r2 match source-address 192.168.1.2/24
[edit security nat source]
user@R1# set rule-set rs1 rule r2 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1# set rule-set rs1 rule r2 then source-nat off
[edit security nat source]
user@R1# set rule-set rs1 rule r3 match source-address 192.168.1.0/24
[edit security nat source]
user@R1# set rule-set rs1 rule r3 match destination-address 0.0.0.0/0
[edit security nat source]
user@R1# set rule-set rs1 rule r3 then source-nat pool srcnatpool2
[edit security nat source]
user@R1# exit
[edit]

user@R1# show security nat

source {
    pool srcnatpool1 {
        address {
            192.0.0.1/24 to 192.0.0.24/24;
        }
    }
    pool srcnatpool2 {
        address {
            192.0.0.100/24 to 192.0.0.249/24;
        }
    }
    rule-set rs1 {
        from zone trust;
        to zone untrust;
        rule r1 {
            match {
                source-address 10.10.1.0/24;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    pool {
                        srcnatpool1;
                    }
                }
            }
        }
        rule r2 {
            match {
                source-address 192.168.1.2/24;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    off;
                }
            }
        }
        rule r3 {
            match {
                source-address 192.168.1.0/24;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    pool {
                        srcnatpool2;
                    }
                }
            }
        }
    }
}

[edit]
user@R1# commit
commit complete
[edit]
user@R1# exit

user@R1> show security nat source summary

Total port number usage for port translation pool: 0
Maximum port number for port translation pool: 268435456
Total pools :2
pool name      address range                        routing instance  PAT  total address
srcnatpool1    192.0.0.1/24-192.0.0.24/24           default           YES  24
srcnatpool2    192.0.0.100/24-192.0.0.249/24        default           YES  249
Total Rules : 3
rule name      rule set       from           to             Action
r1             rs1            trust          untrust        srcnatpool1
r2             rs1            trust          untrust        off
r3             rs1            trust          untrust        srcnatpool2
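Two properties of this configuration decide whether the exemption in rule r2 actually takes effect: a Junos source NAT rule set is evaluated top to bottom with the first matching rule winning, and the match prefix is a CIDR prefix. The following Python simulation is an added example, not code from the lab page or from Juniper. It parses the lab's own `set` commands for rs1 into an ordered rule list, evaluates sample packets against it, and runs two checks a reviewer would want: a lint for match prefixes with non-zero host bits (the lab's `192.168.1.2/24`), and a shadow check for rules that an earlier rule already covers. The match semantics (host bits masked, so 192.168.1.2/24 covers all of 192.168.1.0/24) and the destination 203.0.113.10 are this example's assumptions, not statements from the lab.

```python
"""Order-sensitive evaluation of a Junos source NAT rule set (added example).

Not code from the lab page or from Juniper. Parses the lab's `set` commands
for rule-set rs1 into an ordered rule list and evaluates packets against it
the way a Junos rule set is evaluated: top to bottom, first match wins.
Match semantics are assumed to be plain CIDR prefix matching with host bits
masked, so 192.168.1.2/24 covers the whole 192.168.1.0/24.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# The rule-set commands from the lab, as entered at [edit security nat source].
LAB_SET_COMMANDS = """
set rule-set rs1 from zone trust
set rule-set rs1 to zone untrust
set rule-set rs1 rule r1 match source-address 10.10.1.0/24
set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set rule-set rs1 rule r1 then source-nat pool srcnatpool1
set rule-set rs1 rule r2 match source-address 192.168.1.2/24
set rule-set rs1 rule r2 match destination-address 0.0.0.0/0
set rule-set rs1 rule r2 then source-nat off
set rule-set rs1 rule r3 match source-address 192.168.1.0/24
set rule-set rs1 rule r3 match destination-address 0.0.0.0/0
set rule-set rs1 rule r3 then source-nat pool srcnatpool2
"""


@dataclass
class Rule:
    name: str
    sources: List[ipaddress.IPv4Network] = field(default_factory=list)
    destinations: List[ipaddress.IPv4Network] = field(default_factory=list)
    action: Optional[str] = None  # "off" or the name of a source NAT pool


def parse_rule_set(text: str) -> List[Rule]:
    """Build the rules in configuration order; that order is the evaluation order."""
    rules = {}  # a dict keeps insertion order, which is what we need
    for line in text.strip().splitlines():
        tok = line.split()
        # Only "set rule-set <rs> rule <name> ..." lines describe a rule.
        if len(tok) < 6 or tok[:2] != ["set", "rule-set"] or tok[3] != "rule":
            continue
        rule = rules.setdefault(tok[4], Rule(tok[4]))
        if tok[5] == "match":
            # strict=False masks host bits: 192.168.1.2/24 -> 192.168.1.0/24 (assumed semantics)
            net = ipaddress.ip_network(tok[7], strict=False)
            target = rule.sources if tok[6] == "source-address" else rule.destinations
            target.append(net)
        elif tok[5:8] == ["then", "source-nat", "off"]:
            rule.action = "off"
        elif tok[5:8] == ["then", "source-nat", "pool"]:
            rule.action = tok[8]
    return list(rules.values())


def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (rule name, action) of the first rule matching src/dst, or (None, None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if any(s in n for n in rule.sources) and any(d in n for n in rule.destinations):
            return rule.name, rule.action
    return None, None  # no rule matched: the packet leaves with its original source


def host_bits_set(text: str) -> List[Tuple[str, str]]:
    """Lint: (rule, prefix) pairs whose match prefix has non-zero host bits."""
    findings = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) >= 8 and tok[3] == "rule" and tok[5] == "match":
            try:
                ipaddress.ip_network(tok[7], strict=True)
            except ValueError:
                findings.append((tok[4], tok[7]))
    return findings


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """(earlier, later) pairs where an earlier rule already covers every match of a later one."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            covered = (
                all(any(n.subnet_of(e) for e in earlier.sources) for n in later.sources)
                and all(any(n.subnet_of(e) for e in earlier.destinations) for n in later.destinations)
            )
            if covered:
                findings.append((earlier.name, later.name))
                break
    return findings


if __name__ == "__main__":
    rules = parse_rule_set(LAB_SET_COMMANDS)
    for src in ("10.10.1.5", "192.168.1.2", "192.168.1.50", "172.16.0.9"):
        print(src, "->", evaluate(rules, src, "203.0.113.10"))
    print("host bits set:", host_bits_set(LAB_SET_COMMANDS))
    print("shadowed:", shadowed_rules(rules))
    # The same rules with the exemption written as a host prefix: r3 becomes reachable.
    fixed = parse_rule_set(LAB_SET_COMMANDS.replace("192.168.1.2/24", "192.168.1.2/32"))
    print("192.168.1.50 with /32 exemption ->", evaluate(fixed, "192.168.1.50", "203.0.113.10"))
    # Rule order matters: placing r3 above r2 silently loses the exemption.
    reordered = [fixed[0], fixed[2], fixed[1]]
    print("192.168.1.2 with r3 before r2 ->", evaluate(reordered, "192.168.1.2", "203.0.113.10"))
```

Run as-is, the lint flags r2's `192.168.1.2/24` and the shadow check reports that r2 covers r3, because under prefix matching the masked r2 prefix equals r3's subnet; writing the exemption as `192.168.1.2/32` makes the intent unambiguous and lets r3 translate the rest of the subnet, while moving r2 below r3 would lose the exemption entirely. A second check against the requirements table: it calls for no port translation on srcnatpool2, but the pool as configured above carries no `port no-translation` statement, which is why the summary output reports PAT YES for both pools.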
