How to match 4th octet number in NAT


#1

Hello,
I want to know how to configure 1-to-1 NAT for any IP range.

I want to configure 1-to-1 NAT as below.
e.g.) matching 4th octet number
10.200.20.1 -> 192.168.100.1
10.200.20.2 -> 192.168.100.2

10.200.20.52 -> 192.168.100.52

I configured NAT with an IP range (see below).

set interfaces dummy dum1 address '192.168.100.1/24'
...
set nat source rule 10 outbound-interface 'tun1'
set nat source rule 10 source address '10.200.20.0/24'
set nat source rule 10 translation address '192.168.100.0/24'
...

I can see a NAT translation that matches the 4th octet numbers.

$ sh nat source translations
Pre-NAT              Post-NAT             Prot  Timeout
10.200.20.76         192.168.100.76       icmp  11

In this case, is this NAT translation always maintained?

Regards,


#2

Seems fine to me. If there’s also traffic initiated from other side of the tunnel, add corresponding dNAT rule.


#3

Thank you for your reply.

There is traffic from both sides.
I have to configure both NAT rules (inside-to-outside and outside-to-inside), correct?
(If only one side, the traffic isn't NATted?)


#4

You need both destination and source NAT to create full 1:1 NAT.
Normally sNAT is required for initiating outgoing connections (and return traffic is automatically NATted as well).
The dNAT rule is for NATting traffic initiated from outside to inside.
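
An added example, not part of any post in this thread: a small Python model of the prefix-to-prefix mapping from rule 10 and of why a full 1:1 NAT needs both rule directions. It assumes a prefix translation keeps the host bits, as the translation output in post #1 shows; the `Nat` class, its flow table and the remote address used in the checks are constructed simplifications, not VyOS internals.

```python
import ipaddress

# Prefixes taken from the thread's rule 10.
INSIDE = ipaddress.ip_network("10.200.20.0/24")
OUTSIDE = ipaddress.ip_network("192.168.100.0/24")

def netmap(addr, from_net, to_net):
    """Replace the network prefix and keep the host bits (the 4th octet for a /24)."""
    addr = ipaddress.ip_address(addr)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("prefix-to-prefix mapping needs equal prefix lengths")
    if addr not in from_net:
        raise ValueError(f"{addr} is outside {from_net}")
    host_bits = int(addr) & int(from_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))

class Nat:
    """Simplified model (assumption): NAT rules are consulted only for the first
    packet of a flow; later packets in either direction follow the recorded flow."""

    def __init__(self, snat=True, dnat=True):
        self.snat, self.dnat = snat, dnat
        self.flows = set()  # (remote address, translated inside-host address)

    def outbound(self, src, dst):
        """Inside host -> tunnel. Returns (src, dst) as seen on the tunnel."""
        if ipaddress.ip_address(src) not in INSIDE:
            return src, dst
        mapped = netmap(src, INSIDE, OUTSIDE)
        if self.snat or (dst, mapped) in self.flows:
            self.flows.add((dst, mapped))
            return mapped, dst
        return src, dst  # no sNAT rule and no existing flow: untranslated

    def inbound(self, src, dst):
        """Tunnel -> inside host. Returns (src, dst) as delivered inside."""
        if ipaddress.ip_address(dst) not in OUTSIDE:
            return src, dst
        if self.dnat or (src, dst) in self.flows:
            self.flows.add((src, dst))
            return src, netmap(dst, OUTSIDE, INSIDE)
        return src, dst  # no dNAT rule and no existing flow: untranslated

def is_stable_one_to_one():
    """True if every inside host maps to a distinct address and back to itself."""
    hosts = [str(h) for h in INSIDE.hosts()]
    mapped = [netmap(h, INSIDE, OUTSIDE) for h in hosts]
    return (len(set(mapped)) == len(hosts)
            and all(netmap(m, OUTSIDE, INSIDE) == h for h, m in zip(hosts, mapped)))
```

With `Nat(snat=True, dnat=False)`, a connection opened from the far side toward 192.168.100.52 stays untranslated, while replies to a connection opened by 10.200.20.52 are translated back.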