juniper srx 系列 （15.1x）如何映射 udp端口

關於juniper srx 系列 （15.1x）如何映射 udp端口

需求映射網絡電話服務器udp 1111 2222 （舉例）

選擇destination NAT

配置如下 ：

定義一個 destination pool

set security nat destination pool 10-6-1-1-1111 routing-instance default
set security nat destination pool 10-6-1-1-1111 address 10.6.1.1/32
set security nat destination pool 10-6-1-1-1111 address port 1111

區域 trust 到untust

set security nat destination rule-set 001 from zone trust
set security nat destination rule-set 001 from zone untrust

set security nat destination rule-set 001 rule 10-6-1-1-1111 then destination-nat pool 10-6-1-1-1111
set security nat destination rule-set 001 rule 10-6-1-1-1111 match destination-address 111.000.222.333/32 （外網出口地址）
set security nat destination rule-set 001 rule 10-6-1-1-1111 match destination-port 1111
set security nat destination rule-set 001 rule 10-6-1-1-1111 match protocol udp

---