[j-nsp] Destination NAT

Mohammad Khalil eng.mssk at gmail.com
Thu Nov 28 05:26:27 EST 2013


No, the session is not up, and I have changed the port to be 23 on both
sides (junos-telnet) and it is still not working.


On Thu, Nov 28, 2013 at 1:04 PM, Per Westerlund <p1 at westerlund.se> wrote:

> No, those source nat rules should have no effect on your problem. When the
> inbound traffic matches (hopefully) the requirements, a complete flow is
> set up. The return traffic automatically gets the proper nat handling to
> match the inbound traffic. The outbound traffic will use source NAT that
> matches the inbound destination NAT.
>
> The source NAT rules you showed only affect traffic initiated from the
> trust zone, exiting to the untrust zone.
>
> Your problem is unfortunately somewhere else.
>
> Do you get a session set up at all (could be a problem at the target host)?
>
> show security flow session destination-prefix 24.173.164.162/32 destination-port 3333
>
> It can be helpful to trace the flow setup to see if there is any traffic
> at all, and where it fails.
>
> /Per
>
> On 28 Nov 2013 at 10:53, Mohammad Khalil <eng.mssk at gmail.com> wrote:
>
> Yes, it's in place with no luck
> set security nat source rule-set trust-to-untrust from zone trust
> set security nat source rule-set trust-to-untrust to zone untrust
> set security nat source rule-set trust-to-untrust rule nonat match source-address 132.147.160.0/24
> set security nat source rule-set trust-to-untrust rule nonat match destination-address 132.150.160.0/24
> set security nat source rule-set trust-to-untrust rule nonat then source-nat off
> set security nat source rule-set trust-to-untrust rule nonat2 match source-address 132.147.160.0/24
> set security nat source rule-set trust-to-untrust rule nonat2 match destination-address 10.6.1.0/24
> set security nat source rule-set trust-to-untrust rule nonat2 then source-nat off
> set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
> set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
> set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
>
> Does the above configuration affect what I am doing? I am not that expert in SRX
>
>
>
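
Added example (not part of the original thread): one way to run the flow-setup trace Per suggests on an SRX, using the destination address and port from his command. The trace file name dnat-trace and the packet-filter name inbound-dnat are assumed names chosen for illustration.

```junos
# Configuration mode: trace flow setup only for the inbound destination-NAT traffic.
# "dnat-trace" (file) and "inbound-dnat" (filter) are assumed names.
set security flow traceoptions file dnat-trace size 1m files 2
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter inbound-dnat protocol tcp
set security flow traceoptions packet-filter inbound-dnat destination-prefix 24.173.164.162/32
# 3333 is the port from the command in the thread; use 23 if the port was changed.
set security flow traceoptions packet-filter inbound-dnat destination-port 3333
commit

# Operational mode, after one connection attempt from the outside:
show security flow session destination-prefix 24.173.164.162/32 destination-port 3333
show security nat destination rule all
show log dnat-trace

# Configuration mode: remove the trace when done.
delete security flow traceoptions
commit
```

An empty log means no matching packet reached the SRX; otherwise the log shows the first-packet processing steps (destination NAT, route lookup, policy search) and where the packet is dropped.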

