[j-nsp] Destination NAT

Mohammad Khalil eng.mssk at gmail.com
Thu Nov 28 05:53:19 EST 2013


Should I add a static NAT statement?


On Thu, Nov 28, 2013 at 1:26 PM, Mohammad Khalil <eng.mssk at gmail.com> wrote:

> No, the session is not up, and I have changed the port to be 23 on both
> sides (junos-telnet), and it is still not working.
>
>
> On Thu, Nov 28, 2013 at 1:04 PM, Per Westerlund <p1 at westerlund.se> wrote:
>
>> No, those source nat rules should have no effect on your problem. When the
>> inbound traffic matches (hopefully) the requirements, a complete flow is
>> set up. The return traffic automatically gets the proper nat handling to
>> match the inbound traffic. The outbound traffic will use source NAT that
>> matches the inbound destination NAT.
>>
>> The source NAT rules you showed only affect traffic initiated from the
>> trust zone, exiting to the untrust zone.
>>
>> Your problem is unfortunately somewhere else.
>>
>> Do you get a session set up at all (could be a problem at the target
>> host)?
>>
>> show security flow session destination-prefix 24.173.164.162/32 destination-port 3333
>>
>> It can be helpful to trace the flow setup to see if there is any traffic
>> at all, and where it fails.
>>
>> /Per
>>
>> On 28 Nov 2013, at 10:53, Mohammad Khalil <eng.mssk at gmail.com> wrote:
>>
>> Yes, it's in place, with no luck
>> set security nat source rule-set trust-to-untrust from zone trust
>> set security nat source rule-set trust-to-untrust to zone untrust
>> set security nat source rule-set trust-to-untrust rule nonat match source-address 132.147.160.0/24
>> set security nat source rule-set trust-to-untrust rule nonat match destination-address 132.150.160.0/24
>> set security nat source rule-set trust-to-untrust rule nonat then source-nat off
>> set security nat source rule-set trust-to-untrust rule nonat2 match source-address 132.147.160.0/24
>> set security nat source rule-set trust-to-untrust rule nonat2 match destination-address 10.6.1.0/24
>> set security nat source rule-set trust-to-untrust rule nonat2 then source-nat off
>> set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
>> set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
>> set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
>>
>> Does the above configuration affect what I am doing? I am not that expert in
>> SRX
>>
>>
>>
>

