Refer to the Exhibit.
— Exhibit —
security {
nat {
destination {
pool Web-Server {
address 10.0.1.5/32;
}
rule-set From-Internet {
from zone Untrust;
rule To-Web-Server {
match {
source-address 0.0.0.0/0;
destination-address 172.16.1.7/32;
}
then {
destination-nat pool Web-Server;
}
}
}
}
}
zones {
security-zone Untrust {
address-book {
address Web-Server-External 172.16.1.7/32;
address Web-Server-Internal 10.0.1.5/32;
}
interfaces {
ge-0/0/0.0;
}
}
security-zone DMZ {
address-book {
address Web-Server-External 172.16.1.7/32;
address Web-Server-Internal 10.0.1.5/32;
}
interfaces {
ge-0/0/1.0;
}
}
}
}
— Exhibit —
You are migrating from one external address block to a different external address block. You want
to enable a smooth transition to the new address block. You temporarily want to allow external
users to contact the Web server using both the existing external address as well as the new
external address 192.168.1.1.
How do you accomplish this goal?
A.
Add address 192.168.1.1/32 under [edit security nat destination pool Web-Server].
B.
Change the address Web-Server-Ext objects to be address-set objects that include both
addresses.
C.
Change the destination address under [edit security nat destination rule-set From-Internet rule
To-Web-Server match] to include both 172.16.1.7/32 and 192.168.1.2/32.
D.
Create a new rule for the new address in the [edit security nat destination rule-set FromInternet] hierarchy.
Explanation:
Reference:http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/nat-security-source
and-destination-nat-translation-configuring.html