[j-nsp] Destination NAT

Mohammad Khalil eng.mssk at gmail.com
Fri Nov 29 18:37:14 EST 2013 

The issue is solved after I have changed my public IP address in use


On Fri, Nov 29, 2013 at 5:30 AM, Payam Chychi <pchychi at gmail.com> wrote:

>  Is the dst ip pingabl drom the fw? I thought the system auto monitors to
> see if the dnat dst responds to icmp packets and if not, will not work....
> ?
>
> --
> Payam Chychi
> Network Engineer / Security Specialist
>
> On Thursday, November 28, 2013 at 3:08 AM, Mohammad Khalil wrote:
>
> Ok I have changed the static IP address to 164 and the static NAT worked ,
> I will try the destination port again
>
>
> On Thu, Nov 28, 2013 at 2:04 PM, Mohammad Khalil <eng.mssk at gmail.com>
> wrote:
>
> Ok i will give it a shot , but before that I have tried something
> different , I just want to configure static NAT (one to one)
> set security nat static rule-set static-nat from zone untrust
> set security nat static rule-set static-nat rule ALTOS_STATIC match
> destination-address 24.173.164.162/32
> set security nat static rule-set static-nat rule ALTOS_STATIC then
> static-nat prefix 132.147.160.3/32
>
>
> set security zones security-zone trust address-book address ALTOS_SERVER
> 132.147.160.3/32
>
> set security nat proxy-arp interface ge-0/0/0.0 address 24.173.164.162/32
>
> set security policies from-zone untrust to-zone trust policy
> DNAT_ALTOS_POLICY match source-address any
> set security policies from-zone untrust to-zone trust policy
> DNAT_ALTOS_POLICY match destination-address ALTOS_SERVER
> set security policies from-zone untrust to-zone trust policy
> DNAT_ALTOS_POLICY match application Tany
> set security policies from-zone untrust to-zone trust policy
> DNAT_ALTOS_POLICY then permit
>
> and ping is not working !!
>
>
> On Thu, Nov 28, 2013 at 1:58 PM, Per Westerlund <p1 at westerlund.se> wrote:
>
> No.
>
> /Per
>
> 28 nov 2013 kl. 11:53 skrev Mohammad Khalil <eng.mssk at gmail.com>:
>
> Should I add static NAT statement ?
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>

More information about the juniper-nsp mailing list