Configuring Juniper Networks NetScreen and SSG Firewalls

Chapter 8: Address Translation

Introduction

With the explosive growth of the Internet in the last decade, available IP addresses have become scarce. To ease the demand for unique IP addresses, three network ranges were set aside as private addresses that are not routable on the Internet. Because these nonroutable addresses are not globally unique, they must be translated into addresses that are globally unique and routable. This technique is called Network Address Translation, or NAT for short.

Juniper has engineered several methods of performing NAT on its firewalls. It has created mechanisms for performing NAT in policies as well as at the interface level. You will no doubt find a good solution for implementing NAT in your network.

In this chapter, we will begin with an overview of NAT itself. We will then discuss the various concepts and terminology of NAT on the Juniper firewalls, reinforcing those concepts with real-world examples to help get you on your way with configuring NAT on your firewall.

Overview of Address Translation

NAT has provided a way to virtually expand the number of hosts that can connect to the Internet. Since IPv4 can globally support only a limited number of IP addresses (2^32), NAT has allowed network administrators to buy some time with IPv4. Essentially, NAT allows you to masquerade one IPv4 address as another. The address translation does not have to be strictly one-to-one; it can also be many-to-one, one-to-many, or many-to-many on the Juniper...
