SRX

last person joined: 18 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  NAT over route based vpn

    Posted 01-12-2016 15:25

    I have a route based vpn setup between our SRX and a client's router.  Both IKE and IPSEC are up and good, however I am unable to reach the client's network, we're unable to ping any of the devices on their side.  They said we need to setup a nat on the vpn tunnel on our side in order for us to reach their network.  Our network is 10.1.1.0/24  and the client's network is 10.60.0.0/24. Client said we needed a network address of 10.40.0.0/27.

     

    How do I setup a nat to change our 10.1.1.0/24 into 10.40.0.0/27 (ie. 10.1.1.10 becomes 10.40.0.10)?  If you can include the set commands to setup this nat that would be much appreciated.  Currently our 10.1.1.0/24 network is apart of the trust zone and the st.0.2 interface is in the vpn zone.

     

    Thanks!



  • 2.  RE: NAT over route based vpn
    Best Answer

     
    Posted 01-13-2016 00:35

    Hello ,

     

    PFA :

     

    set security nat source pool pool1 address 10.40.0.0/27
    set security nat source rule-set test-1 from zone trust
    set security nat source rule-set test-1 to zone vpn
    set security nat source rule-set test-1 rule 1 match source-address 10.1.1.0/24
    set security nat source rule-set test-1 rule 1 then source-nat pool pool1



  • 3.  RE: NAT over route based vpn

    Posted 01-13-2016 07:18

    Thanks Jose it's working now.