[j-nsp] Address persistent NAT on SRX

Morris McDonald morrismcdonald at yahoo.com
Wed Mar 16 16:15:29 EDT 2011


Hello,
 
When using a single sign-on, users are having to reauthenticate each time that they change pages. Currently the address-persistent option is not configured. It can be set at the global level or the pool level. The pool level also allows the modification of the max number of sessions and changing the timeout timer.
 
When setting the address-persistent option, is there a difference between setting it at the global and the pool level? If a user connects multiple sessions, as they drill down to their "work area", what will happen to the up-level sessions which are idle for longer than the timeout? Will they have to reauthenticate?
 
Is the address persistent option a resolution to the issue?
 
source {
    pool test {
        address {
            1.1.1.1/25 to 1.1.1.10/25;
        }
    }
    address-persistent;
    rule-set test-pool {
        from interface ge-0/0/9.0;
        to interface ge-0/0/0.0;
        rule poolNAT {
            match {
                source-address [ 100.0.0.0/8 10.0.0.0/8 172.28.0.0/16 172.29.0.0/16 172.30.0.0/16 172.31.0.0/16 ];
            }
            then {
                source-nat {
                    pool {
                        test;
                    }
                }
            }
        }
    }
}


      

