SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Destination NAT and VPN

    Posted 06-04-2011 22:14

    I am having an issue due to the fact that Junos doesn't support multiple ports using destination NAT. I have several servers that I'm using destination NAT for, but one requires several ports to function. It would require me to create 1000+ pools and rules to make this work. So what I did was set a pool and rule using no port to allow all traffic to that device and set up security policies to allow the needed ports. Unfortunately, this configuration is causing issues with VPN tunnels. Is there a way to either set up multiple ports for D-NAT or set up D-NAT to pass through port 500 (junos-ike) and 259 (Check Point Encryption)?

     

    Thanks,



  • 2.  RE: Destination NAT and VPN
    Best Answer

    Posted 06-05-2011 10:14

    Hi

     

    You can make exceptions like

     

    /* Exception rule: traffic to UDP/TCP port 500 is left untranslated */
    rule 10 {
        match {
            destination-address 0.0.0.0/0;
            destination-port 500;
        }
        then {
            destination-nat off;
        }
    }

     

    And another rule for port 259. These rules should be at the top of the list, before your general rule.

    Please tell me if this solves your problem.
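
    The complete rule-set the answer above describes, written out as an added example (it is not configuration from either poster). The pool name `dnat-server-all`, the rule-set name `dnat-from-untrust`, the zone name `untrust`, the internal address 10.0.0.10 and the public address 203.0.113.10 are all placeholders. The exception for UDP 4500 is an assumption added here because IPsec peers behind NAT usually fall back to NAT-T on that port; the thread itself only mentions 500 and 259, and whether you can also exempt ESP (IP protocol 50) by matching on `protocol` depends on the Junos release, so it is left out.

```junos
security {
    nat {
        destination {
            /* Placeholder pool: the internal host that receives all
               untranslated-port traffic for the public address. */
            pool dnat-server-all {
                address 10.0.0.10/32;
            }
            rule-set dnat-from-untrust {
                from zone untrust;
                /* Exceptions come first; destination NAT rules are
                   evaluated in configured order within a rule-set. */
                rule 10 {
                    match {
                        destination-address 0.0.0.0/0;
                        destination-port 500;    /* IKE */
                    }
                    then {
                        destination-nat off;
                    }
                }
                rule 20 {
                    match {
                        destination-address 0.0.0.0/0;
                        destination-port 259;    /* Check Point Encryption */
                    }
                    then {
                        destination-nat off;
                    }
                }
                /* Assumed addition, not from the thread: IKE NAT-T. */
                rule 30 {
                    match {
                        destination-address 0.0.0.0/0;
                        destination-port 4500;
                    }
                    then {
                        destination-nat off;
                    }
                }
                /* General rule: everything else addressed to the
                   placeholder public IP is forwarded to the pool. */
                rule 100 {
                    match {
                        destination-address 203.0.113.10/32;
                    }
                    then {
                        destination-nat {
                            pool {
                                dnat-server-all;
                            }
                        }
                    }
                }
            }
        }
    }
}
```

    If the exception rules end up below an existing general rule after a `load merge`, reorder them with `insert security nat destination rule-set dnat-from-untrust rule 10 before rule 100` (names are the placeholders above). To confirm the ordering and hit counts, use `show security nat destination rule all`; to confirm that IKE traffic is no longer being translated, check `show security flow session destination-port 500` and verify the session's destination is the SRX's own address rather than the pool address.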



  • 3.  RE: Destination NAT and VPN

    Posted 06-05-2011 11:05

    That's a great idea! I didn't even think about that. I'll give it a try and let you know.

     

    Thanks,