<div dir="ltr">You'll need a "hairpin" rule, e.g.:<div><br></div><div style>set security policies from-zone trust to-zone trust policy hairpin match source-address any</div><div style>set security policies from-zone trust to-zone trust policy hairpin match destination-address any<br>
</div><div style>set security policies from-zone trust to-zone trust policy hairpin match application any<br></div><div style>set security policies from-zone trust to-zone trust policy hairpin then permit<br></div><div style>
<br></div><div style>There is no implicit "accept back into source zone".</div><div style><br></div><div style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 3, 2010 at 5:33 AM, Bruce Buchanan <span dir="ltr">&lt;<a href="mailto:bbuchana@nexicomgroup.net" target="_blank">bbuchana@nexicomgroup.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">Hi List –<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Can anyone give any suggestion/guidance on the following.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m trying to do a static route *<b>out</b>* the same
interface that the traffic came *<b>in</b>* on. This is on an SRX-240<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Here are the details:<u></u><u></u></p>
<p class="MsoNormal">“Private”: 192.168.20.0/24<u></u><u></u></p>
<p class="MsoNormal">“Public”: 216.168.x.x/32<u></u><u></u></p>
<p class="MsoNormal">Static route: 172.30.200.0/24 to &lt;gateway – 192.168.20.224&gt;
to 192.168.20.121<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">192.168.20.121 is the IP on a VPN appliance.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Traffic from a client computer never gets routed to the VPN
appliance. This works on a Cisco 2800 without a problem, but I can’t
get it working on the SRX.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks,<u></u><u></u></p>
<p class="MsoNormal">Bruce<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b><span style="color:#1f497d">Bruce Buchanan</span></b><span style="color:#1f497d"><br>
Senior Network Technician<br>
Nexicom<br>
5 King St. E., Millbrook, ON, LOA 1GO<br>
</span><span style="color:#1f497d">Phone: <a href="tel:705-932-4147" value="+17059324147" target="_blank">705-932-4147</a><br>
FAX: <a href="tel:705-932-3027" value="+17059323027" target="_blank">705-932-3027</a><br>
Cell: <a href="tel:705-750-7705" value="+17057507705" target="_blank">705-750-7705</a><br>
</span><span style="color:#1f497d">Web: <a href="http://www.nexicom.net/" target="_blank"><span style="color:blue">http://www.nexicom.net</span></a><br>
</span><b><span style="color:#365f91">Nexicom – Connected. Naturally.</span></b><span style><u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>_______________________________________________<br>
juniper-nsp mailing list <a href="mailto:juniper-nsp@puck.nether.net">juniper-nsp@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/juniper-nsp" target="_blank">https://puck.nether.net/mailman/listinfo/juniper-nsp</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><br>"Genius might be described as a supreme capacity for getting its possessors<br>
into trouble of all kinds."<br>-- Samuel Butler<br>
</div>
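<div>A narrower form of the hairpin rule from the reply, as an added example that is not part of the original thread: it permits only the flow described in the question (clients in 192.168.20.0/24 reaching 172.30.200.0/24) instead of any/any within the zone. The zone name "trust" follows the reply; the address-book names CLIENT-LAN and VPN-REMOTE are hypothetical.</div>

```junos
# Added example, not from the thread.
# Assumptions: the inside interface is in zone "trust" (as in the reply);
# CLIENT-LAN and VPN-REMOTE are hypothetical address-book names;
# both prefixes are the ones given in the original question.
set security zones security-zone trust address-book address CLIENT-LAN 192.168.20.0/24
set security zones security-zone trust address-book address VPN-REMOTE 172.30.200.0/24

# Intra-zone permit limited to the hairpinned flow rather than any/any
set security policies from-zone trust to-zone trust policy hairpin match source-address CLIENT-LAN
set security policies from-zone trust to-zone trust policy hairpin match destination-address VPN-REMOTE
set security policies from-zone trust to-zone trust policy hairpin match application any
set security policies from-zone trust to-zone trust policy hairpin then permit

# Log session creation so hairpinned traffic shows up in the policy logs
set security policies from-zone trust to-zone trust policy hairpin then log session-init

# After commit, from operational mode:
#   show security policies from-zone trust to-zone trust
#   show security flow session destination-prefix 172.30.200.0/24
```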