SRX

I am trying to figure out how to make a one to many destination NAT rule with noncontiguous internal addresses.

Basicly I have one public IP address and two internal. I need to create simple loadbalancing across those two internal IP addresses on port 80 and 443.

When creating a destiantion nat pool it seems i can only create contiguous address pools. Is it possible to make noncontiguous pools? Or do I need to do it some other way?

Thanks

Hello ,

In destination NAT pool , we can either add an IP address or address range . We cannot add noncontiguous IP address . It will override each other .

If you wanted to load balance between same IP on different ports ( 80 & 443 ) you can try creating 2 different NAT pool and creat 2 different rule . One for 80 and another for 443 .

eg :

set security nat destination pool test-1 address 192.168.1.2
set security nat destination pool test-2 address 192.168.1.3

set security nat destination rule-set test from zone untrust
set security nat destination rule-set test rule 1 match destination-address 1.2.3.4/32
set security nat destination rule-set test rule 1 match destination-port 80
set security nat destination rule-set test rule 1 then destination-nat pool test-1

set security nat destination rule-set test rule 2 match destination-address 1.2.3.4/32
set security nat destination rule-set test rule 2 match destination-port 443
set security nat destination rule-set test rule 2 then destination-nat pool test-2

Hi Joses,

Thanks for the quick reply.

I figured it wouldnt be possible to make them noncontiguous. I cant load balance on ports as they are two different sites running on the same server and both sites hould be available on both servers.

So as i understand it the only solution if I absolutely must loadbalance between the two servers is to change their IP addresses so they are contiguous.

Hello ,

Your understanding is correct .