[j-nsp] NAT on SRX with routed IP range

Jonathan Call lordsith49 at hotmail.com
Wed Feb 4 14:24:45 EST 2015


I've seen plenty of examples of a static NAT where the SRX has a public IP range on the untrusted interface. I have not found a good one for when the SRX has an IP range routed to it.
SRX Public IP: 4.5.6.60/30Routed IP range (via the public interface) 4.5.32.16/28Trusted zone: 192.168.2.1/26
show configuration security nat (hopefully this will display properly)
source {    rule-set my-lab-internal {        from zone lab-internal;        to zone untrust;        rule my-lab-inet {            match {                source-address 192.168.2.0/26;            }            then {                source-nat {                    interface;                }            }        }    }}destination {    pool lab-plasma {        address 192.168.2.2/32 port 8080;    }    rule-set lab-nats {        from zone untrust;        rule lab-plasma-1 {            match {                destination-address 4.5.32.16/32;                destination-port 8080;            }            then {                destination-nat pool lab-plasma;            }        }    }}
The result of this configuration is that no NAT occurs. But if I change the destination-address to the SRX's external IP (4.5.6.60) it works just fine. 
Jonathan 		 	   		  


More information about the juniper-nsp mailing list