[j-nsp] Destination NAT on SRX cluster
Leigh Porter
leigh.porter at ukbroadband.com
Tue Mar 20 08:53:13 EDT 2012
Hello Folks,
I am configuring a cluster of SRX240s running 11.1R3.5 for destination NAT.
Simply, a device in the DMZ zone on a private IP address listening on port 22 needs to be reachable from the untrust zone on port 22.
destination {
    pool wilderness {
        address 172.16.253.10/32 port 22;
    }
    rule-set incoming-connections {
        from interface reth0.352;
        rule port-forward {
            match {
                destination-address 88.94.205.5/32;
                destination-port 22;
            }
            then {
                destination-nat pool wilderness;
            }
        }
    }
}
proxy-arp {
    interface reth0.352 {
        address {
            88.94.205.5/32;
        }
    }
}
I think this looks OK, but when I commit I get this error:
error: The number of destination NAT pools exceeds limit of 0
[edit security nat destination rule-set incoming-connections rule port-forward then destination-nat]
'pool'
failed to get pool (wilderness)
error: configuration check-out failed
Does anybody know what's happening here?
Thanks,
Leigh Porter
UK Broadband