Persistent NAT will give you a full cone while the mapping is alive (you can adjust some timers for that). Once the mapping expires, the next session initiated from the internal host could result in a completely different mapping. Here's a really cool write-up: https://www.blackhole-networks.com/SRXNAT/snat_persist.html
I believe the CGNAT features allow for the mappings to be more sticky, if you will.
It really depends on the particular applications you're trying to support. If you can get away with just a simple Persistent NAT, then why make it more complex than it needs to be?
------------------------------
Nikolay Semov
------------------------------
Original Message:
Sent: 05-22-2025 08:34
From: Johnson V C
Subject: CGNAT APP+EIM+EIF is same as persistent-nat related to Full Cone NAT
Hi,
We are trying to set up full-cone NAT on an ISP SRX5K with SPC3, specifically for STUN/P2P applications.
From our documentation, it appears that Junos supports full-cone NAT using Persistent NAT, and also through a combination of Address Pooling Paired (APP), Endpoint-Independent Mapping (EIM), and Endpoint-Independent Filtering (EIF).
We are trying to understand whether Persistent NAT and the combination of APP + EIM + EIF serve the same purpose, or if they differ.
Also, which of the two would be the best solution in this scenario?
------------------------------
Thanks and regards
Johnson V C
Juniper Networks
------------------------------