SRX Services Gateway
GRJ
Contributor
GRJ
Posts: 36
Registered: ‎08-08-2012
0

Re: NAT and security policies etc.

Hello again,

Can you point me in the right direction on where my destination NAT goes wrong? I would appreciate it a lot.

At the moment I am trying all possibilities, but it takes a while. :)

I just cannot figure out if I need some kind of route for inbound traffic internet->130.185.128.145->10.3.1.113, or if it knows the route as I have a virtual route the other way, trust->untrust.

Do I have to create a firewall rule for inbound traffic, attach a virtual router?

If you know of an example with a destination NAT and a virtual router inbound and outbound, great, I just can't find it. :)

Kind regards

Gert

Super Contributor
johnrbaker
Posts: 210
Registered: ‎02-17-2011
0

Re: NAT and security policies etc.

Hi

Do your "customers/users" have private or public addressing?

I am not going to try to fix your config. I will write you a nice clean config (assuming that you are running private addressing and no .1Q tagging).

1. I need the interface that you use for your WAN connection and how it connects to the internet. Does the SRX get its IP via DHCP? How many public IP addresses do you have?

2. For each "Customer/User" that you want to have separate networks, let me know their IP address range (private), and what IP the SRX needs.

3. If you need any DST NAT rules, then let me know the external IP and the internet IP that it needs to go to, plus the protocol and port number on both sides.

Customer/User 1
Ports on SRX that you want to allocate
SRX LAN IP/Prefix

Customer/User 2
Ports on SRX that you want to allocate
SRX LAN IP/Prefix

WAN Information
IP and interface that you want to use

Any other routes that you need, excluding any directly connected (private IP) subnets.

The policy will allow each customer out to the internet, but not to each other.

If not, then I suggest finding a Juniper partner and purchasing their service to set up your SRX.

Super Contributor
johnrbaker
Posts: 210
Registered: ‎02-17-2011
0

Re: NAT and security policies etc.

Hi

I have created, but not tested, an example config for you.

You will need to check the IP address ranges and interface assignment, plus make sure that you add your root-authentication line.

It has been set up for two customers, plus a default network, to go to the internet, but not each other. RDP has been set up to an internal IP address on the CUSTOMER1 network.

I hope this helps.

GRJ
Contributor
GRJ
Posts: 36
Registered: ‎08-08-2012
0

Re: NAT and security policies etc.

Hello John,

Thank you,

I will try your config, and thank you for your effort, but you are right, I will try a local Juniper partner on Monday.

But before that I will try your config :)

I will just change customer1 and customer2 to have the same IP range (192.168.1.0/24) and have a go, then I will see if I can change the internet adapter for customer1 to be ge-0/0/15 and for customer2 ge-0/0/14.

The entire setup has to be separate NICs and VLANs, and customer1 and customer2 do have the same VLAN, so I cannot separate them just using routes. :)

Kind regards

Gert

GRJ
Contributor
GRJ
Posts: 36
Registered: ‎08-08-2012
0

Re: NAT and security policies etc.

Sorry,

customer1 and customer2 do NOT have the same VLAN, they have the same IP range (192.168.1.0).

Kind regards

Gert

Super Contributor
johnrbaker
Posts: 210
Registered: ‎02-17-2011
0

Re: NAT and security policies etc.

Hi

Your first post did not indicate that you had your customers on one subnet. Your first post was about RDP and NAT.

Can I suggest that when you contact a Juniper partner, you detail your exact requirements and network topology.

My first config had VPN, multiple networks, and destination NAT set up. By the sound of it, it may be closer to your requirements.
GRJ
Contributor
GRJ
Posts: 36
Registered: ‎08-08-2012
0

Re: NAT and security policies etc.

Hello,

Yes, I can see that now when I read it again. I am sorry I was not clear; I have attached a PDF file with the network.

What I was trying to say is that I have it working from inside out, now I just want to publish 1-2 servers.

Kind regards

Gert

Super Contributor
johnrbaker
Posts: 210
Registered: ‎02-17-2011
0

Re: NAT and security policies etc.

So you have two internet IP addresses, in the same subnet range.

You have two internal services with RDP and HTTP for which you want destination NAT set up.

If they are for different customers, then they should be on separate IP networks and interfaces.

Please can you provide more detail and context when you speak to the partner.

GRJ
Contributor
GRJ
Posts: 36
Registered: ‎08-08-2012
0

Re: NAT and security policies etc.

Yes, I will do, thanks.

Kind regards

Gert

GRJ
Contributor
GRJ
Posts: 36
Registered: ‎08-08-2012
0

Re: NAT and security policies etc.

Got it to work yesterday. :)

I just had to put in which NIC the VR was attached.

Kind regards

Gert
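
The kind of setup this thread is about (destination NAT from 130.185.128.145 to 10.3.1.113 with the server side in a virtual router), sketched here as an added example; it is not a config posted by anyone in the thread. The zone names, the routing-instance name CUSTOMER1-VR, the interfaces ge-0/0/0.0 and ge-0/0/1.0, and the use of TCP/3389 for RDP are assumptions.

```junos
# Added example: all names are hypothetical; only the two IP addresses come from the thread.

# The server-side interface must be listed in the customer's virtual router
# (assumed ge-0/0/1.0); the WAN interface (assumed ge-0/0/0.0) stays in inet.0.
set routing-instances CUSTOMER1-VR instance-type virtual-router
set routing-instances CUSTOMER1-VR interface ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/0.0

# Destination NAT pool: the translated address is looked up in the virtual router,
# so no extra inbound route is needed in inet.0.
set security nat destination pool RDP-SERVER routing-instance CUSTOMER1-VR
set security nat destination pool RDP-SERVER address 10.3.1.113/32 port 3389

# Translate only port 3389 arriving from the untrust zone for the public address.
set security nat destination rule-set FROM-UNTRUST from zone untrust
set security nat destination rule-set FROM-UNTRUST rule RDP-IN match destination-address 130.185.128.145/32
set security nat destination rule-set FROM-UNTRUST rule RDP-IN match destination-port 3389
set security nat destination rule-set FROM-UNTRUST rule RDP-IN then destination-nat pool RDP-SERVER

# Needed only when 130.185.128.145 is not the address configured on ge-0/0/0.0 itself.
set security nat proxy-arp interface ge-0/0/0.0 address 130.185.128.145/32

# The security policy is evaluated after destination NAT, so it matches the
# translated (private) address, not the public one.
set applications application RDP-TCP protocol tcp destination-port 3389
set security zones security-zone trust address-book address RDP-SERVER 10.3.1.113/32
set security policies from-zone untrust to-zone trust policy RDP-IN match source-address any
set security policies from-zone untrust to-zone trust policy RDP-IN match destination-address RDP-SERVER
set security policies from-zone untrust to-zone trust policy RDP-IN match application RDP-TCP
set security policies from-zone untrust to-zone trust policy RDP-IN then permit
set security policies from-zone untrust to-zone trust policy RDP-IN then log session-init
```

Replacing `source-address any` with address-book entries for known client prefixes limits who can reach the published RDP service. `show security nat destination rule all` shows whether the rule is taking translation hits.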
