SRX

Hello,

I have a nat issue on my router regarding the configuration. I use a nat pool of 10 addresses for source nat. For some applications (sso services) on the outside it is not working at all. I figured out that the gateway doesn't use the same ip address at each step of the authentication process (which fails).

Using an address pool with a single address for my station I can login without any issue. After reading the documentation I assumed that I need to configure the address-pooling paired option but this comand is not available on the gateway.

show version
Hostname: mti-rtr
Model: srx550
JUNOS Software Release [12.1X44-D35.5]

#set security nat source pool internet-public ?
Possible completions:
> address Add address to pool
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
description Text description of pool
> host-address-base The base of host address
> overflow-pool Specify an overflow pool
> port Config port attribute to pool
> routing-instance Routing instance

Is the software too old to support this feature ? How can I change the behavior ?

Thank you

I beleive the option you are looking for on the nat pool is address-persistent as shown in Scenario 2 of this kb article.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB20711

Scenario 2 – Source address NAT + address-persistent

Source address of each session from the same host is translated into the same address from the NAT pool.

Thank you that does the trick !