Hello, all. I am trying to configure my SRX as my internet gateway. My current topology is:
I have put the following configuration on my SRX after reading my SRX book. (I have x'd out some IPs and passwords.)
# Junos release string recorded with this configuration.
version 12.1R7.9;
# Device-level settings: hostname, root credential, DNS resolvers, management
# services (SSH, HTTPS web management), the LAN DHCP server and NTP servers.
system {
host-name Internet_Gateway;
# Root is the only account visible in this listing; no login/user stanza is shown.
root-authentication {
encrypted-password "xxxxxxxxxxxxx"; ## SECRET-DATA
}
# Resolvers used by the device itself.
name-server {
8.8.8.8;
208.xx.222.xxx;
208.xx.220.xxx;
}
services {
# SSH is limited to protocol version 2.
# NOTE(review): no root-login statement is set; once a named admin user exists,
# "root-login deny" would keep root off the network-facing SSH service.
ssh {
protocol-version v2;
}
# Web management is HTTPS-only and bound to vlan.100 (the LAN-side routed interface),
# so no web listener is configured on ge-0/0/0.
# The certificate is generated by the device, so clients have no trusted issuer to verify.
web-management {
https {
system-generated-certificate;
interface vlan.100;
}
}
# DHCP server for the LAN: leases 192.168.1.50-192.168.1.200 with a 3600-second
# default lease and 192.168.1.1 as the gateway handed to clients.
dhcp {
pool 192.168.1.0/24 {
address-range low 192.168.1.50 high 192.168.1.200;
default-lease-time 3600;
router {
192.168.1.1;
}
# Pass settings learned on ge-0/0/0.0 (the DHCP-client uplink) on to LAN clients.
# No name-server is set in the pool itself, so client DNS presumably depends on this.
propagate-settings ge-0/0/0.0;
}
}
}
# Time sources for the device clock.
ntp {
server 192.xxx.xxx.0;
server 192.xxx.xxx.xx8;
}
}
# Physical and logical interfaces: one DHCP-client uplink (ge-0/0/0), switched
# access ports in vlan-trust, and the routed VLAN interface vlan.100.
interfaces {
# Applies ethernet-switching membership in vlan-trust to fe-0/0/2 through fe-0/0/7.
# NOTE(review): fe-0/0/2 and fe-0/0/3 are also configured individually further down
# with the same VLAN membership; the two definitions overlap.
interface-range interface-trust {
member fe-0/0/2;
member fe-0/0/3;
member fe-0/0/4;
member fe-0/0/5;
member fe-0/0/6;
member fe-0/0/7;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
# Uplink: obtains its IPv4 address as a DHCP client; update-server is the client-side
# counterpart of the "propagate-settings ge-0/0/0.0" statement in the DHCP pool.
ge-0/0/0 {
description Internet_Link;
unit 0 {
family inet {
dhcp {
update-server;
}
}
}
}
# Access port in vlan-trust.
ge-0/0/1 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members vlan-trust;
}
}
}
}
# Access port in vlan-trust (also a member of interface-range interface-trust).
fe-0/0/2 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members vlan-trust;
}
}
}
}
# Access port in vlan-trust (also a member of interface-range interface-trust).
fe-0/0/3 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members vlan-trust;
}
}
}
}
# Routed interface for the LAN; 192.168.1.1 is the address the DHCP pool
# hands out as the clients' router.
vlan {
unit 100 {
family inet {
address 192.168.1.1/24;
}
}
}
}
# Security configuration: source NAT, the inter-zone policy and the two zones.
security {
nat {
source {
# NOTE(review): the description says trust -> untrust, but the rule-set is scoped
# "from zone trust" / "to zone trust". As written it only matches trust-to-trust
# traffic, so flows leaving through the untrust zone would not be translated to the
# egress interface address; "to zone untrust" would agree with the description.
rule-set internal-to-internet {
description "NAT anything from trust zone to untrust (LAN to Internet)";
from zone trust;
to zone trust;
# Matches any source and destination, then translates the source to the
# address of the egress interface.
rule internet-access {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
# Only a trust -> untrust policy is defined here; no untrust -> trust policy is shown.
policies {
from-zone trust to-zone untrust {
# Permits every source, destination and application outbound. No logging or session
# counting action is configured, so permitted flows leave no policy log entries.
policy defaul-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
# Internet-facing zone: the only traffic accepted to the device itself on ge-0/0/0.0
# is DHCP, which the DHCP client on that interface needs.
security-zone untrust {
description "Internet Link - DHCP Configured";
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
}
}
}
}
}
# LAN zone.
security-zone trust {
description "Local Area Network";
# Accepts every system service and protocol addressed to the device from the LAN.
# NOTE(review): this is broad; listing only the services in use (for example ssh,
# https, dhcp, ping) would reduce what a compromised LAN host can reach on the gateway.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
# NOTE(review): vlan.100 is the routed interface for vlan-trust; the other three entries
# are ethernet-switching access ports in that VLAN. Confirm whether the switch ports
# belong in the zone on this platform, or only vlan.100 - TODO verify.
interfaces {
vlan.100;
fe-0/0/2.0;
ge-0/0/1.0;
fe-0/0/3.0;
}
}
}
}
# VLAN definitions: vlan-trust carries tag 100 and is bound to the routed
# interface vlan.100, which gives the switched ports their layer-3 gateway.
vlans {
vlan-trust {
vlan-id 100;
l3-interface vlan.100;
}
}
Where am I going wrong? I am completely stumped!
Thanks!