Static NAT enables the translation of flows initiated both to and from a configured address or range of addresses. It accomplishes in one rule-set what would otherwise require a combination of separate source and destination NAT rule-sets. Static translations are always between one address and another address, or one range of addresses and another of equal size. In other words, static NAT requires a one-to-one correspondence between the pre-translation and post-translation addresses. Thus, static NAT provides a simple and effective method of migrating systems to new address space.
Figure 5-14 shows this bidirectional nature of static NAT, where a given host’s IP address is translated whether it is initiating communication outbound or whether it is receiving communication initiated from elsewhere inbound.
Figure 5-14. Static NAT
Static NAT in the SRX is a superset of ScreenOS MIP configuration.
Now you will walk through an example creating a static NAT rule-set that statically translates flows originating from the Inet zone and destined to a specific /24 network.
First enter configuration mode and move the configuration prompt to the static NAT rule-set hierarchy in Junos:
editEntering configuration mode  james@SRX5800-1#
edit security nat static rule-set Internet
Now use the
set command to configure the new static NAT rule-set for traffic originated ...