[j-nsp] SRX destination-nat & ping
Scott T. Cameron
routehero at gmail.com
Mon Jul 11 18:31:22 EDT 2011
>
> Anyone have any success in getting a destination-nat on SRX respond to
>> ICMP?
>> Any tricks to loopback to 127.0.0.1 or anything else? Don't really care
>> how, just would like it as an option.
>>
>> Scott
>>
>
> Hey Scott,
>
> Can you describe the setup in more detail? Usually NAT is designed to
> translate traffic for hosts that are behind the firewall, so the host should
> usually be the one to respond to ICMP. Are you talking about doing
> destination-NAT to an address located on the SRX itself?
With SRX static-nat, all traffic (all protocols) is forwarded to a specific
IP.
With SRX destination-nat, a specific protocol (tcp/udp, presumably) is
forwarded to a specific IP [and optionally port]
There does not appear to be an option in destination-nat to send ICMP to an
IP, so that it responds to, for example, ping.
Scott
More information about the juniper-nsp
mailing list