Destination NAT
Single Address Translation
To configure a destination NAT mapping from a public address to a private address:
- Create the destination NAT pool.
  [edit security nat destination]
  user@host# set pool dst-nat-pool-1 address 192.168.1.200/32
- Create a destination NAT rule set.
  [edit security nat destination]
  user@host# set rule-set rs1 from interface ge-0/0/0.0
- Configure a rule that matches packets and translates the destination address to the address in the pool.
  [edit security nat destination]
  user@host# set rule-set rs1 rule r1 match destination-address 1.1.1.200/32
  user@host# set rule-set rs1 rule r1 then destination-nat pool dst-nat-pool-1
- Configure proxy ARP.
  [edit security nat]
  user@host# set proxy-arp interface ge-0/0/0.0 address 1.1.1.200/32
- Configure an address book entry in the trust zone for the server.
  [edit security]
  user@host# set zones security-zone trust address-book address server-1 192.168.1.200/32
- Configure a security policy that allows traffic from the untrust zone to the server in the trust zone.
  [edit security policies from-zone untrust to-zone trust]
  user@host# set policy server-access match source-address any destination-address server-1 application any
  user@host# set policy server-access then permit