The order is: screen options -> D-NAT -> route lookup -> policy -> S-NAT -> others.
/chris

---

-----Original Message-----
From: Ge Moua <[email protected]>
Sender: [email protected]
Date: Fri, 06 Jul 2012 08:41:10
To: <[email protected]>
Subject: [j-nsp] order of operations for NAT & zone policy enforcement / SRX

j-nsp:

I am running into an issue on Juniper SRX where I am seeing zone policy deny for destination-based NAT traffic (i.e., untrusted to trusted zone).

My assumption for SRX order of operation is as follows:
* perform zone policy enforcement (to dest NAT ip_addr / ARIN public)
* perform NAT translation for dest_ip

It would appear the order of operation here is reversed for flow that requires destination based NAT & zone policy enforcement:
* perform NAT translation for dest_ip
* perform zone policy enforcement (to real ip_addr / RFC-1918)

Comments or feedback would greatly be appreciated.

--
Regards,
Ge Moua
Univ of Minn Alumnus

_______________________________________________
juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp

