gt;> Sent: Friday, September 07, 2012 5:08 PM
>> To: Brent Jones
>> Cc: juniper-nsp@puck.nether.net
>> Subject: Re: [j-nsp] SRX Static NAT - Not working in both directions
>>
>> Brent, Patrick,
>>
>> Thanks for the replies.
>>
>> When I chan
uck.nether.net
> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Oliver Garraux
> Sent: Friday, September 07, 2012 5:08 PM
> To: Brent Jones
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] SRX Static NAT - Not working in both directions
>
> Brent, Patrick,
>
> Thanks
r-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX Static NAT - Not working in both directions
Brent, Patrick,
Thanks for the replies.
When I change the rule-set to apply to traffic from the user zone, I'm
seeing the same behavior. The source address on traffic from the desktop
(192.168.35.200)
Config for your security policy? Nat is only half of it.
Will
On Sep 7, 2012, at 6:09 PM, "Oliver Garraux" wrote:
> Brent, Patrick,
>
> Thanks for the replies.
>
> When I change the rule-set to apply to traffic from the user zone, I'm
> seeing the same behavior. The source address on traffic
Brent, Patrick,
Thanks for the replies.
When I change the rule-set to apply to traffic from the user zone, I'm
seeing the same behavior. The source address on traffic from the
desktop (192.168.35.200) out to the rest of the network isn't being
NAT'ed. I also can't initiate connections to 192.16
Try to apply the static NAT policy to zone 'user' and see how that goes.
On Fri, Sep 7, 2012 at 12:22 PM, Oliver Garraux wrote:
> Hey,
>
> I recently bought an SRX and have been trying the different NAT
> configuration options to become more familar with JunOS.
>
> Static NAT isn't operating quit
Hey,
I recently bought an SRX and have been trying the different NAT
configuration options to become more familar with JunOS.
Static NAT isn't operating quite as I'd expect from the documentation.
My understanding is that static NAT should be bidirectional, in that
it should translate connection
ch 02, 2011 9:36 PM
To: Bill Blackford
Cc: juniper-nsp
Subject: Re: [j-nsp] SRX Static NAT
> I remember doing a single line in screenos unless my recollection is off.
>
> On the Cisco ASA/PIX, it's a single line 'static (inside,outside)
> ' statement.
> Is there an e
> I remember doing a single line in screenos unless my recollection is off.
>
> On the Cisco ASA/PIX, it's a single line 'static (inside,outside)
> ' statement.
> Is there an equivalently efficient method on the SRX?
>
> Thank you in advance for any input.
>
>
Arp-proxy is needed to attract tr
Daloia Jr
Sent: Wednesday, March 02, 2011 4:51 PM
To: Scott T. Cameron; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX Static NAT
Almost positive that proxy-arp is required for NAT on the SRX series if the
destination addresses is not assigned to the interface. Not in front of my gear
no
? :)
From: Scott T. Cameron
To: Daniel M Daloia Jr
Cc: "juniper-nsp@puck.nether.net"
Sent: Wednesday, March 2, 2011 8:04 PM
Subject: Re: [j-nsp] SRX Static NAT
I've got two srx3400 clusters that disagree with you about proxy-arp. :)
Scott
On Wed, Mar 2, 2011 at 7:
front of my
> gear now, but can lab it out tomorrow. As for the static NAT, two lines is
> necessary.
>
> -Dan
>
>
> - Original Message -
> From:Scott T. Cameron
> To:juniper-nsp@puck.nether.net
> Cc:
> Sent:Wednesday, March 2, 2011 7:12 PM
> Subject:Re:
. Cameron
To:juniper-nsp@puck.nether.net
Cc:
Sent:Wednesday, March 2, 2011 7:12 PM
Subject:Re: [j-nsp] SRX Static NAT
You should only need proxy-arp if your particular routing scenario requires
it. If all the IPs that you are answering for are routed to you, then
there's no need for proxy-arp.
Ho
You should only need proxy-arp if your particular routing scenario requires
it. If all the IPs that you are answering for are routed to you, then
there's no need for proxy-arp.
However, you'll still require 2 lines per static nat. One for the match,
and one for the action.
Scott
On Wed, Mar 2,
I am looking for a more efficient method to define/map several
scattered/non-contiguous static NATS. I can use pools to map ranges
for end user blocks, but this need is for publishing services
(servers) globally on a one by one basis.
ex.,
using the following method, I would need to make a separ
15 matches
Mail list logo
