[j-nsp] NAT on SRX with routed IP range

Jonathan Call lordsith49 at hotmail.com
Wed Feb 4 14:24:45 EST 2015

I've seen plenty of examples of a static NAT where the SRX has a public IP range on the untrusted interface. I have not found a good one for when the SRX has an IP range routed to it.
SRX Public IP: IP range (via the public interface) zone:
show configuration security nat (hopefully this will display properly)
source {    rule-set my-lab-internal {        from zone lab-internal;        to zone untrust;        rule my-lab-inet {            match {                source-address;            }            then {                source-nat {                    interface;                }            }        }    }}destination {    pool lab-plasma {        address port 8080;    }    rule-set lab-nats {        from zone untrust;        rule lab-plasma-1 {            match {                destination-address;                destination-port 8080;            }            then {                destination-nat pool lab-plasma;            }        }    }}
The result of this configuration is that no NAT occurs. But if I change the destination-address to the SRX's external IP ( it works just fine. 

More information about the juniper-nsp mailing list