Dynamic NAT translation using IP and port
To enable one single routed interface IP address to be reused for translation several time, the layer4 information is attached to the source address.
This can be easily done in web interface, in CLI however it is quite hard to find the hierarchy. NAT is under the
How to configure dynamic port NAT
admin@PA-5050> configure Entering configuration mode  admin@PA-5050# edit rulebase nat [edit rulebase nat] admin@PA-5050# set rules trust-to-untrust description "Dynamic PAT" [edit rulebase nat] admin@PA-5050# admin@PA-5050# set rules trust-to-untrust from trust to untrust destination any service any source any source-translation dynamic-ip-and-port interface-address interface ethernet1/1 ip 220.127.116.11/30 [edit rulebase nat] admin@PA-5050# commit ....55%99%.....100% Configuration committed successfully Interface ethernet1/1 has no virtual-router configuration. Interface ethernet1/2 has no virtual-router configuration. [edit rulebase nat] admin@PA-5050#
Setup virtual-router to route packets
Create static default route by first creating virtual router, treat virtual-router like a router process, you need to include interfaces that is available for virtual-router. the virtual-router is located under
[edit rulebase nat] admin@PA-5050# top  admin@PA-5050# set network virtual-router static-route interface ethernet1/1  admin@PA-5050# set network virtual-router static-route interface ethernet1/2
Take note that
static-route is a name I defined for virtual-router, there is a
default profile which you can use if you want.
Define the default routes with the
admin@PA-5050# set network virtual-router static-route routing-table ip static-route static-default-route interface ethernet1/1 nexthop ip-address 18.104.22.168 admin@PA-5050# commit ....55%99%.....100% Configuration committed successfully  admin@PA-5050#
Take note that
static-default-route is the routing-table profile I have created, you can create any name you want.