07-13-2017 01:31 AM
Sorry, I am not an expert on Juniper, so I need some help setting up a NAT pool for a DMZ network.
I have internet access with an SP, and they give me a public transit network of /29 to use between their network and my side. I am using a Cisco Layer 3 switch, using "no switch port" to configure this transit subnet. I am running BGP using a private AS number given by the SP. That Layer 3 switch is also running OSPF internally and to the Juniper SRX 4100 firewall interface. I have been allocated a /25 public IP subnet to use for NAT purposes for my SRX and for the DMZ. I need help in configuring this, please. All the traffic which leaves the DMZ should have one PAT address from this allocated NAT pool, and I do require some static NAT for some of the web servers. There is also a proxy server sitting in the DMZ which will also require static NAT. The network between the Internet Layer 3 switch and the SRX firewall is private, on OSPF.
Could anybody please help me sort out the required configuration?
07-16-2017 05:13 PM
This KB document outlines the common NAT scenarios for you.
Source NAT options on page 3 and following
Static NAT on page 13
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6 ACE PanOS 7
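A configuration sketch for the scenario in the question, added here as an example; it is not part of either post or of the KB document. The zone names (`dmz`, `untrust`), rule and pool names, the DMZ subnet 10.10.10.0/24, the hosts, and the public block 203.0.113.0/25 (a documentation range) are all assumptions to be replaced with real values.

```junos
# Constructed values throughout: zones, names, 10.10.10.0/24, 203.0.113.0/25.

# Source NAT: DMZ-originated traffic leaves with one PAT address.
# A source pool uses port translation by default.
set security nat source pool DMZ-PAT address 203.0.113.1/32
set security nat source rule-set DMZ-OUT from zone dmz
set security nat source rule-set DMZ-OUT to zone untrust
set security nat source rule-set DMZ-OUT rule PAT-ALL match source-address 10.10.10.0/24
set security nat source rule-set DMZ-OUT rule PAT-ALL match destination-address 0.0.0.0/0
set security nat source rule-set DMZ-OUT rule PAT-ALL then source-nat pool DMZ-PAT

# Static NAT: one-to-one mappings for a web server and the proxy.
# Static NAT is bidirectional and is evaluated before source NAT, so these
# two hosts egress with their static address, not the PAT address.
set security nat static rule-set INBOUND from zone untrust
set security nat static rule-set INBOUND rule WEB1 match destination-address 203.0.113.10/32
set security nat static rule-set INBOUND rule WEB1 then static-nat prefix 10.10.10.10/32
set security nat static rule-set INBOUND rule PROXY match destination-address 203.0.113.20/32
set security nat static rule-set INBOUND rule PROXY then static-nat prefix 10.10.10.20/32

# Security policy: inbound policy lookup happens after destination
# translation, so it matches the private (real) address. Permit only the
# service that must be reachable.
set security address-book global address WEB1-REAL 10.10.10.10/32
set security policies from-zone untrust to-zone dmz policy ALLOW-WEB1 match source-address any
set security policies from-zone untrust to-zone dmz policy ALLOW-WEB1 match destination-address WEB1-REAL
set security policies from-zone untrust to-zone dmz policy ALLOW-WEB1 match application junos-https
set security policies from-zone untrust to-zone dmz policy ALLOW-WEB1 then permit
```

Because the link between the Layer 3 switch and the SRX is private, the NAT addresses are not on any connected SRX subnet, so proxy ARP does not apply; the switch needs a route for the /25 pointing at the SRX. Check the result with `show security nat source rule all`, `show security nat static rule all` and `show security flow session`.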