Thanks for the info. I can get NAT working when using the ext interface/IP as the egress type, but when I try to use a NAT pool with the same address range as the interface IP, it doesn't work.
Ext. interface IP is: 59.1.1.1/24 and NAT pool using 59.1.1.5/24 to 59.1.1.6/24.
Have also tried 59.1.1.5/32 to 59.1.1.6/32, which also doesn't work.

Spammy

-----Original Message-----
From: Ben Dale <[email protected]>
To: [email protected]
Cc: "[email protected]" <[email protected]>
Date: Thu, 27 Sep 2012 09:05:28 +1000
Subject: Re: [j-nsp] SRX240 Source Natting

On 27/09/2012, at 6:51 AM, Spam <[email protected]> wrote:

> Hey All,
> Here's another SRX issue I'm having and need help on..
> My SRX is connected on 3 Ports. Each in its own Security Domain and subnet.
> Sec-Domain: Inside
> Subnet1: 10.10.10.0/24
> Subnet2: 20.20.20.0/24
> Sec-Domain: Outside
> Subnet: 59.xx.xx.xx/24 (Publicly Routed Addresses)
> Sec-Domain: ISP
> Subnet: 213.x.x.x/29 (Internet Uplink to ISP)

If I follow correctly, you only want to NAT the Inside Zone to the interface address on the Outside zone?

set security nat source rule-set OUTBOUND-NAT from zone Inside
set security nat source rule-set OUTBOUND-NAT to zone Outside
set security nat source rule-set OUTBOUND-NAT rule SNAT-OUTSIDE-IF match source-address 10.10.10.0/24
set security nat source rule-set OUTBOUND-NAT rule SNAT-OUTSIDE-IF match source-address 20.20.20.0/24
set security nat source rule-set OUTBOUND-NAT rule SNAT-OUTSIDE-IF match destination-address 0.0.0.0/0
set security nat source rule-set OUTBOUND-NAT rule SNAT-OUTSIDE-IF then source-nat interface

All you need to add is a security policy allowing traffic from your internal ranges in the Inside zone to any address in the Outside zone.

If you want, you can even match on source-address 0.0.0.0/0 so that if you add more subnets in the future, you won't have to touch the SNAT-OUTSIDE-IF rule.

Ben
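
The security policy that Ben's reply says still has to be added, written out as an added example that is not part of the original thread. The zones and subnets are the ones given in the thread; the address-book entry names and the policy name are assumptions chosen for illustration.

```junos
# Added example, not from the thread. INSIDE-NET-1, INSIDE-NET-2 and
# ALLOW-INSIDE-OUT are hypothetical names.

# Address-book entries for the two Inside subnets listed in the thread.
set security zones security-zone Inside address-book address INSIDE-NET-1 10.10.10.0/24
set security zones security-zone Inside address-book address INSIDE-NET-2 20.20.20.0/24

# Permit only those two ranges from Inside to Outside. The source NAT rule
# translates the flow; this policy is what allows it through the firewall.
set security policies from-zone Inside to-zone Outside policy ALLOW-INSIDE-OUT match source-address INSIDE-NET-1
set security policies from-zone Inside to-zone Outside policy ALLOW-INSIDE-OUT match source-address INSIDE-NET-2
set security policies from-zone Inside to-zone Outside policy ALLOW-INSIDE-OUT match destination-address any
set security policies from-zone Inside to-zone Outside policy ALLOW-INSIDE-OUT match application any
set security policies from-zone Inside to-zone Outside policy ALLOW-INSIDE-OUT then permit

# Operational-mode checks after commit:
#   show security policies from-zone Inside to-zone Outside
#   show security nat source rule all
#   show security flow session source-prefix 10.10.10.0/24
```

Keeping the policy's source match on the named subnets means that widening the NAT rule to 0.0.0.0/0, as suggested above, does not by itself open the firewall to new inside ranges.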

