[j-nsp] SRX Config Question
Stefan Fouant
sfouant at shortestpathfirst.net
Mon Jun 21 12:50:27 EDT 2010
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Brendan Mannella
> Sent: Monday, June 21, 2010 11:20 AM
> To: juniper-nsp
> Subject: [j-nsp] SRX Config Question
>
> So main issue is the firewall does not seem to allow any incoming traffic on
> the ports I opened below on the policies. Anyone have any ideas what I am
> missing?
Hi Brendan,
How are things? I could be wrong, but I believe the issue is with the
untrust-to-trust policy where you are matching on destination-address
192.168.1.214:
    from-zone untrust to-zone trust {
        policy 240-51 {
            match {
                source-address any;
                destination-address 192.168.1.214;
                application [ rdp junos-dns-udp junos-ftp junos-http junos-https junos-ms-sql ];
            }
I believe in order for this to work you are going to need to make the
destination-address 111.111.111.214. This will cause it to vector off into
the NAT policy which will translate from 111.111.111.214 to 192.168.1.214.
I think you might also need to use an address book entry whereby you put the
pre-natted address (111.111.111.214) into your trust zone as well.
Feel free to contact me offline if you'd like additional assistance.
HTHs.
Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D