Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  Inline / Static NAT for many /32's...

    Posted 03-03-2020 03:10

    I have 50+ specific /32 IPs that I need to inline-nat from private to public IPs. How can I add that many into my setup? I'm using an MX480 with two MPC 3D 16x 10GE line cards. 

     

    I'm using a service set:

     

    service-set STATIC-SRC-NAT-1 {
    nat-rules SRC-NAT-RULE;
    next-hop-service {
        inside-service-interface si-0/1/0.100;
        outside-service-interface si-0/1/0.200;
    }
}

    with the nat rules: 

     

     

        rule SRC-NAT-RULE {
        match-direction input;
        term t1 {
            from {
                source-address {
                    10.54.0.109/32;   # <-- an issue here
                }
            }
            then {
                translated {
                    source-pool STATIC-NAT-PUBLICS;  # <-- Wish I could use a prefix-list... 
                    translation-type {
                        basic-nat44;
                    }
                }
            }
        }
    }

    With this, I can set source to a /24 and have a public /24 in the source pool (and that works), but I need a lot of explicit private/32 to public/32. The from { source-address } won't let you have more than one entry. The same goes with: from { source-prefix-list }.  And even if I could there, I can only have 32 entries max in a nat pool.

     

    Ideally, I wish I could have 2 preflix lists with all the /32s I could want in each, and have them match up 1:1. 😕 Any suggestions? 

     

     



  • 2.  RE: Inline / Static NAT for many /32's...

    Posted 03-07-2020 06:30

    Is you can arrange the private addresses to be a contiguous subnet along with the matching public range.

    And you are dedicating the ip address to the resource ip address.

    Then static nat could be the answer.  You map one full subnet to the public one.

     

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-nat-static.html#id-example-configuring-static-nat-for-subnet-translation

     



  • 3.  RE: Inline / Static NAT for many /32's...
    Best Answer

    Posted 03-07-2020 06:46
    Unfortunately I cannot re-arrange the private IPs to be contiguous. They
    are all from different subnets / towers. I went ahead and simply added 50
    terms to one static rule, and its working for now. Eventually we'll move to
    a better system. 😛

    --
    :: Mike Whitaker

    --


    - Echo Broadband, home of Echo Fiber!
      Call or text us as 801-999-1001