MIP DIP VIP. I am sometimes confused with the NAT names of the Juniper ScreenOS devices. Therefore, I drew a small figure with a few basic examples for these NAT types.
Note that this figure does not cover all possible scenarios, but only the most common ones. E.g., I have never used the destination NAT inside a security policy, thereby it is now shown here.
Or download it as PDF:
Links
- Fir3net: Juniper Netscreen – NAT Explained
- Juniper: [ScreenOS] Resolution Guide – ScreenOS – Configure NAT
Featured image “Monreal” by onnola is licensed under CC BY-SA 2.0.
Great article. I’m sometimes confused myself. I use mip and vip. Never used dip before. In what situation would dip be used?
DIP is used when you have multiple untrust IP address and want to use them all for outgoing connections. E.g., when your single interface IP address does not fit due to too many connections.
Thanks for the hint. I updated the figure slightly.