06-03-2011 09:06 PM
ScreenOS made port mapping and/or destination-NAT translations quite easy for a small site that only had a DHCP-assigned public IP.
We've got an SRX210 and are simply trying to find out how to convert this from ScreenOS to Junos.
Any thoughts?
set interface ethernet4 vip interface-ip 50000 "securitycam1" 10.1.1.40
Ethernet4 is the untrust public interface on a 5GT with an ISP-issued DHCP address.
We are trying to make this work on the ge-0/0/0 untrust zone interface of the SRX210, which is also assigned a public DHCP address from the ISP.
06-03-2011 11:46 PM - edited 06-03-2011 11:51 PM
Got this working. Not sure what I was missing before, but it's sorted now.
Pasting here in case it helps someone else...
security {
    nat {
        destination {
            /* Inside host and port that the public port is translated to */
            pool securitycam {
                address 10.1.1.40/32 port 50000;
            }
            rule-set untrust-to-trust {
                from zone untrust;
                rule securitycam-inbound-nat {
                    match {
                        /* 0.0.0.0/0 matches whatever address DHCP assigns to the untrust interface */
                        destination-address 0.0.0.0/0;
                        destination-port 50000;
                    }
                    then {
                        destination-nat pool securitycam;
                    }
                }
            }
        }
    }
    policies {
        from-zone untrust to-zone trust {
            /* Matches the translated (inside) address and port */
            policy securitycam {
                match {
                    source-address any;
                    destination-address securitycam;
                    application securitycam;
                }
                then {
                    permit {
                    }
                }
            }
        }
    }
    zones {
        security-zone trust {
            address-book {
                address securitycam 10.1.1.40/32;
            }
        }
    }
}
applications {
    application securitycam {
        protocol tcp;
        destination-port 50000;
    }
}
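The conversion worked out in this thread, generalized as an added example that is not part of the original posts: a Python helper that turns a ScreenOS interface-ip VIP line into the equivalent Junos `set` commands. The function name, the `real_port` and `allowed_src` options, and the object names derived from the ScreenOS service name are assumptions made for this sketch; TCP is assumed, as in the thread.

```python
import ipaddress
import re

# ScreenOS form used in the thread:
#   set interface <if> vip interface-ip <port> "<service>" <real-ip>
VIP_RE = re.compile(r'^set interface \S+ vip interface-ip (\d+) "([^"]+)" (\S+)$')


def vip_to_junos(line, real_port=None, allowed_src=None, zin="untrust", zout="trust"):
    """Turn one interface-ip VIP line into Junos set commands (TCP assumed).

    real_port: inside port; the VIP line names only a ScreenOS service, so it
    defaults to the public port, as in the thread (assumption).
    allowed_src: optional CIDR permitted instead of 'any' (hypothetical option).
    """
    m = VIP_RE.match(line.strip())
    if not m:
        raise ValueError("not an interface-ip VIP line: %r" % line)
    port, service, host = int(m.group(1)), m.group(2), m.group(3)
    real_port = port if real_port is None else int(real_port)
    if not (1 <= port <= 65535 and 1 <= real_port <= 65535):
        raise ValueError("port out of range")
    host = ipaddress.IPv4Address(host)  # rejects malformed addresses
    name = re.sub(r"[^A-Za-z0-9_-]", "-", service)  # safe Junos identifier
    nat = "set security nat destination"
    rule = "%s rule-set %s-to-%s rule %s-inbound-nat" % (nat, zin, zout, name)
    pol = "set security policies from-zone %s to-zone %s policy %s" % (zin, zout, name)
    book = "set security zones security-zone %s address-book address %s %s"
    cmds, src = [], "any"
    if allowed_src:
        src = name + "-src"
        cmds.append(book % (zin, src, ipaddress.ip_network(allowed_src)))
    return cmds + [
        "%s pool %s address %s/32 port %d" % (nat, name, host, real_port),
        "%s rule-set %s-to-%s from zone %s" % (nat, zin, zout, zin),
        # 0.0.0.0/0: the public address is DHCP-assigned and may change
        "%s match destination-address 0.0.0.0/0" % rule,
        "%s match destination-port %d" % (rule, port),
        "%s then destination-nat pool %s" % (rule, name),
        book % (zout, name, "%s/32" % host),
        "set applications application %s protocol tcp" % name,
        # policy lookup happens after translation, so match the inside port
        "set applications application %s destination-port %d" % (name, real_port),
        "%s match source-address %s" % (pol, src),
        "%s match destination-address %s" % (pol, name),
        "%s match application %s" % (pol, name),
        "%s then permit" % pol,
    ]
```

Passing `allowed_src` adds an untrust-zone address-book entry and uses it as the policy's source-address, so the forwarded port is reachable only from that prefix rather than from `any`.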