[j-nsp] NAT on SRX with routed IP range
Jonathan Call
lordsith49 at hotmail.com
Wed Feb 4 14:24:45 EST 2015
I've seen plenty of examples of a static NAT where the SRX has a public IP range on the untrusted interface. I have not found a good one for when the SRX has an IP range routed to it.
SRX Public IP: 4.5.6.60/30
Routed IP range (via the public interface) 4.5.32.16/28
Trusted zone: 192.168.2.1/26
show configuration security nat (hopefully this will display properly)
source {
    rule-set my-lab-internal {
        from zone lab-internal;
        to zone untrust;
        rule my-lab-inet {
            match {
                source-address 192.168.2.0/26;
            }
            then {
                source-nat {
                    interface;
                }
            }
        }
    }
}
destination {
    pool lab-plasma {
        address 192.168.2.2/32 port 8080;
    }
    rule-set lab-nats {
        from zone untrust;
        rule lab-plasma-1 {
            match {
                destination-address 4.5.32.16/32;
                destination-port 8080;
            }
            then {
                destination-nat pool lab-plasma;
            }
        }
    }
}
The result of this configuration is that no NAT occurs. But if I change the destination-address to the SRX's external IP (4.5.6.60) it works just fine.
Jonathan