Destination NAT on SSR
- Jean-luc KRIKER
Owned by Jean-luc KRIKER
| Dest-NAT | |
|---|---|
| service | limit to a single router subnet: public IP address Scope: public ( allow global tenant, default is private ) Shared service: disabled |
| service-route | NH-hop: LAN interface NAT target: private IP address NAT port: example translate to port 80 |
| optional | if multiple Public IP address: Under interface, Address, In-subnet ARP ( the SSR will respond to ARP request ) |
service and service-route admin@LAB-128T-PAX5-NODE-1.LAB-PYXYA-128T# show config running authority service dstNAT-ssh
config
authority
service dstNAT-ssh
name dstNAT-ssh
scope public
transport tcp
protocol tcp
port-range 2222
start-port 2222
end-port 2222
exit
exit
address 185.216.98.109
share-service-routes false
exit
exit
exit
admin@LAB-128T-PAX5-NODE-1.LAB-PYXYA-128T# show config running authority router LAB-MAX2-128T-RTR-1 service-route SR-dstNAT-SSHserver
config
authority
router LAB-MAX2-128T-RTR-1
name LAB-MAX2-128T-RTR-1
service-route SR-dstNAT-SSHserver
name SR-dstNAT-SSHserver
service-name dstNAT-ssh
nat-target 172.20.13.1
port-target 22
next-hop node1 lan1-intf
node-name node1
interface lan1-intf
exit
exit
exit
exit
exit
| |
| Satic NAT Pool | |
| authority > router XXXXX > nat-pool | |
| shared nat pool | shared between multiple interfaces |
| https://www.juniper.net/documentation/us/en/software/session-smart-router/docs/config_nat/#shared-nat-pools | |