[j-nsp] Destination NAT

Payam Chychi pchychi at gmail.com
Thu Nov 28 21:30:41 EST 2013


Is the dst IP pingable from the fw? I thought the system auto monitors to see if the dnat dst responds to icmp packets and if not, will not work....?

-- 
Payam Chychi
Network Engineer / Security Specialist


On Thursday, November 28, 2013 at 3:08 AM, Mohammad Khalil wrote:

> OK, I have changed the static IP address to 164 and the static NAT worked,
> I will try the destination port again
> 
> 
> On Thu, Nov 28, 2013 at 2:04 PM, Mohammad Khalil <eng.mssk at gmail.com> wrote:
> 
> > OK, I will give it a shot, but before that I have tried something
> > different, I just want to configure static NAT (one to one)
> > set security nat static rule-set static-nat from zone untrust
> > set security nat static rule-set static-nat rule ALTOS_STATIC match destination-address 24.173.164.162/32
> > set security nat static rule-set static-nat rule ALTOS_STATIC then static-nat prefix 132.147.160.3/32
> > 
> > set security zones security-zone trust address-book address ALTOS_SERVER 132.147.160.3/32
> > 
> > set security nat proxy-arp interface ge-0/0/0.0 address 24.173.164.162/32
> > 
> > set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match source-address any
> > set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match destination-address ALTOS_SERVER
> > set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY match application Tany
> > set security policies from-zone untrust to-zone trust policy DNAT_ALTOS_POLICY then permit
> > 
> > and ping is not working!!
> > 
> > 
> > On Thu, Nov 28, 2013 at 1:58 PM, Per Westerlund <p1 at westerlund.se> wrote:
> > 
> > > No.
> > > 
> > > /Per
> > > 
> > > On 28 Nov 2013, at 11:53, Mohammad Khalil <eng.mssk at gmail.com> wrote:
> > > 
> > > > Should I add a static NAT statement?