[j-nsp] Verifying NAT translation
Ivan c
ivannetw at gmail.com
Tue Nov 3 21:14:47 EST 2009
hey
try
#show services stateful-firewall flows
cheers
Ivan
On Fri, Oct 23, 2009 at 8:04 PM, <techtalm at gmail.com> wrote:
> Hi,
>
>
>
> I have configured an SRX machine with source NAT and destination NAT as
> followed:
>
> set security nat source pool WAN_Address address x.x.x.x/32
>
> set security nat source rule-set interface-nat from zone trust
>
> set security nat source rule-set interface-nat to zone untrust
>
> set security nat source rule-set interface-nat rule rule1 match
> source-address 10.0.0.0/24
>
> set security nat source rule-set interface-nat rule rule1 match
> destination-address 0.0.0.0/0
>
> set security nat source rule-set interface-nat rule rule1 then source-nat
> pool WAN_Address
>
> set security nat destination pool Int_Servers address 10.0.0.4/32
>
> set security nat destination rule-set rule1 from interface fe-0/0/2.0
>
> set security nat destination rule-set rule1 rule NAT-to-Server match
> destination-address x.x.x.x/32
>
> set security nat destination rule-set rule1 rule NAT-to-Server then
> destination-nat pool Int_Servers
>
> set security nat proxy-arp interface fe-0/0/2.0 address x.x.x.x/32
>
>
>
> [x.x.x.x is my WAN IP Address on fe-0/0/2]
>
>
>
> How can I verify that this config is working from within the SRX?
>
> While trying to ping some outside address with source ip of my internal LAN
> interface (10.0.0.254) I'm not getting back any answer
>
>
>
> Best Regards,
>
> MTC
>
>
>
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list