[j-nsp] SRX destination-nat & ping
Stefan Fouant
sfouant at shortestpathfirst.net
Mon Jul 11 18:46:34 EDT 2011
On 7/11/2011 6:31 PM, Scott T. Cameron wrote:
> With SRX static-nat, all traffic (all protocols) is forwarded to a
> specific IP.
>
> With SRX destination-nat, a specific protocol (tcp/udp, presumably) is
> forwarded to a specific IP [and optionally port]
>
> There does not appear to be an option in destination-nat to send ICMP to
> an IP, so that it responds to, for example, ping.
Unless you are doing port translation, simply matching on
destination-address in your match statement and then specifying the
translated address in your then statement should do the trick. You may
need to enable proxy-arp in your environment if the ingress IP
(pre-translated) is a different address than the interface IP, but other
than that you shouldn't need to do anything fancy to enable ping traffic
to flow through...
Sorry I don't have access to a device at the moment to give you a
working config... can we see your configs in the meantime?
Stefan Fouant
JNCIE-ER #70, JNCIE-M #513, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
More information about the juniper-nsp
mailing list