[j-nsp] SRX Static NAT
Scott T. Cameron
routehero at gmail.com
Wed Mar 2 19:12:37 EST 2011
You should only need proxy-arp if your particular routing scenario requires
it. If all the IPs that you are answering for are routed to you, then
there's no need for proxy-arp.
However, you'll still require 2 lines per static nat. One for the match,
and one for the action.
Scott
On Wed, Mar 2, 2011 at 7:05 PM, Bill Blackford <bblackford at gmail.com> wrote:
> I am looking for a more efficient method to define/map several
> scattered/non-contiguous static NATs. I can use pools to map ranges
> for end user blocks, but this need is for publishing services
> (servers) globally on a one by one basis.
>
> ex.,
>
> using the following method, I would need to make a separate rule and a
> proxy-arp address for each one-to-one snat.
>
> <snip>
> static {
>     rule-set SNAT1 {
>         from interface ge-0/0/0.0;
>         rule SNAT-TEST0 {
>             match {
>                 destination-address 66.x.y.6/32;
>             }
>             then {
>                 static-nat prefix 192.168.1.65/32;
>             }
>         }
>         rule SNAT-TEST1 {
>             match {
>                 destination-address 66.x.y.18/32;
>             }
>             then {
>                 static-nat prefix 192.168.13.67/32;
>             }
>         }
>     }
> }
> proxy-arp {
>     interface ge-0/0/0.0 {
>         address {
>             66.x.y.6/32;
>             66.x.y.18/32;
>         }
>     }
> }
> </snip>
>
> I remember doing a single line in ScreenOS unless my recollection is off.
>
> On the Cisco ASA/PIX, it's a single line 'static (inside,outside)
> ....' statement.
> Is there an equivalently efficient method on the SRX?
>
> Thank you in advance for any input.
>
> -b
>
>
> --
> Bill Blackford
> Network Engineer
>
> Logged into reality and abusing my sudo privileges.....
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
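An added example, not code from either poster: since each static NAT still needs its match and action statements, a short Python generator can emit them from a mapping list and add proxy-arp only for public addresses that sit inside the interface's connected subnet (routed addresses get none, per the reply above). The function name `static_nat_commands`, the `connected_net` parameter, the generated rule names and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress


def static_nat_commands(mappings, rule_set, interface, connected_net):
    """Return Junos 'set' commands for one-to-one static NATs.

    mappings      -- list of (public_ip, private_ip) strings (IPv4)
    connected_net -- subnet configured on `interface` (assumed input);
                     a public IP inside it is not routed to the SRX, so
                     the SRX must answer ARP for it via proxy-arp.
    """
    net = ipaddress.IPv4Network(connected_net)
    base = f"set security nat static rule-set {rule_set}"
    cmds = [f"{base} from interface {interface}"]
    seen_pub, seen_priv = set(), set()
    for i, (pub, priv) in enumerate(mappings):
        pub_ip = ipaddress.IPv4Address(pub)    # raises on malformed input
        priv_ip = ipaddress.IPv4Address(priv)
        # Static NAT is a bidirectional one-to-one mapping, so this script
        # rejects any address that appears in more than one pair.
        if pub_ip in seen_pub or priv_ip in seen_priv:
            raise ValueError(f"duplicate address in mapping {pub} -> {priv}")
        seen_pub.add(pub_ip)
        seen_priv.add(priv_ip)
        rule = f"{base} rule {rule_set}-{i}"   # generated rule name
        cmds.append(f"{rule} match destination-address {pub_ip}/32")
        cmds.append(f"{rule} then static-nat prefix {priv_ip}/32")
        if pub_ip in net:
            cmds.append("set security nat proxy-arp interface "
                        f"{interface} address {pub_ip}/32")
    return cmds


if __name__ == "__main__":
    # Constructed sample data: one on-link address, one routed address.
    sample = [("203.0.113.6", "192.168.1.65"),
              ("198.51.100.18", "192.168.13.67")]
    for line in static_nat_commands(sample, "SNAT1", "ge-0/0/0.0",
                                    "203.0.113.0/29"):
        print(line)
```

Review the output before loading it with `load set terminal` in configuration mode.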