— Exhibit —
security {
nat {
destination {
pool Web-Server {
address 10.0.1.5/32;
}
rule-set From-Internet {
from zone Untrust;
rule To-Web-Server {
match {
source-address 0.0.0.0/0;
destination-address 172.16.1.7/32;
}
then {
destination-nat pool Web-Server;
}}
}
}
}
zones {
security-zone Untrust {
address-book {
address Web-Server-External 172.16.1.7/32;
address Web-Server-Internal 10.0.1.5/32;
}
interfaces {
ge-0/0/0.0;
}
}
security-zone DMZ {
address-book {
address Web-Server-External 172.16.1.7/32;
address Web-Server-Internal 10.0.1.5/32;
}
interfaces {
ge-0/0/1.0;
}
}
}
}
— Exhibit —
You are migrating from one external address block to a different external address block. You want to enable a
smooth transition to the new address block. You temporarily want to allow external users to contact the Web
server using both the existing external address as well as the new external address 192.168.1.1.
How do you accomplish this goal?
A.
Add address 192.168.1.1/32 under [edit security nat destination pool Web-Server].
B.
Change the address Web-Server-Ext objects to be address-set objects that include both addresses.
C.
Change the destination address under [edit security nat destination rule-set From-Internet rule To-WebServer match] to include both 172.16.1.7/32 and 192.168.1.2/32.
D.
Create a new rule for the new address in the [edit security nat destination rule-set From- Internet] hierarchy.
Explanation:
http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/nat-security-source- anddestination-nat-translation-configuring.html