[j-nsp] Destination NAT

Mohammad Khalil eng.mssk at gmail.com
Thu Nov 28 04:53:44 EST 2013


Yes , it's in place with no luck
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule nonat match
source-address 132.147.160.0/24
set security nat source rule-set trust-to-untrust rule nonat match
destination-address 132.150.160.0/24
set security nat source rule-set trust-to-untrust rule nonat then
source-nat off
set security nat source rule-set trust-to-untrust rule nonat2 match
source-address 132.147.160.0/24
set security nat source rule-set trust-to-untrust rule nonat2 match
destination-address 10.6.1.0/24
set security nat source rule-set trust-to-untrust rule nonat2 then
source-nat off
set security nat source rule-set trust-to-untrust rule source-nat-rule
match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule
match destination-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then
source-nat interface

Do the above configuration affect what am doing ? am not that expert in SRX
And sorry for using extra links for configuration


On Thu, Nov 28, 2013 at 12:45 PM, Per Westerlund <p1 at westerlund.se> wrote:

> Yes.
>
> When you are done it should look like this (I much prefer this
> presentation, much clearer):
>
> [edit security nat]
> perw at srx1# show
> proxy-arp {
>     interface ge-0/0/0.0 {
>         address {
>             24.173.164.162/32;
>         }
>     }
> }
>
> /Per
>
> PS: The example you used,
> http://www.fir3net.com/Juniper-SRX-Series-Gateway/juniper-srx-destination-nat-port-forwarding.html;
> it is not correct. It would have been better to use the Juniper
> documentation instead of just borrowing some boilerplate configs.
>
> 28 nov 2013 kl. 10:41 skrev Mohammad Khalil <eng.mssk at gmail.com>:
>
> set security nat proxy-arp interface ge-0/0/0.0 address 24.173.164.162/32
> ?
>
>
>


More information about the juniper-nsp mailing list