SRX Services Gateway
Routing based vpn - default route

So here is the scenario:


I have a routing-based VPN between an SRX and a FortiGate, using an unnumbered address on the tunnel. What I would like is to provide the default route for the remote network, i.e. NAT behind the same interface which is used for the unnumbered configuration.


I have source nat rules configured, but when tracing the flow, I can see the traffic leaving the correct interface, but it is not NAT'ed.


Does anyone know if this is possible, or if it might be possible to set up PBR with this configuration?

Re: Routing based vpn - default route

Yes, it's possible.


   st0 {
        unit 0 {
            family inet {
                mtu 1350;


routing-options {
    static {
        route next-hop st0.0;  ( this is the route for the VPN)
        route next-hop *.*.*.*/*


    nat {
        source {
            rule-set trust-to-vpn {
                from zone trust;
                to zone vpn;
                rule vpn-no-NAT {
                    match {
                    then {
                        source-nat {


 rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-NAT-rule {
                    match {
                    then {
                        source-nat {
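
Added example, not part of either post above: Junos selects a source NAT rule-set by its from/to context, so traffic that arrives over st0.0 and leaves toward the Internet is only translated by a rule-set whose `from` is the zone holding st0.0, and it also needs a security policy for that zone pair. Assumptions: st0.0 sits in the `vpn` zone and the Internet-facing interface in `untrust` (zone names as in the reply), 192.0.2.0/24 is a constructed placeholder for the remote LAN, and the rule-set, rule and policy names are hypothetical.

```junos
security {
    nat {
        source {
            /* Hypothetical rule-set: ingress context is the zone that holds st0.0 */
            rule-set vpn-to-untrust {
                from zone vpn;
                to zone untrust;
                rule remote-lan-to-internet {
                    match {
                        /* Constructed placeholder for the remote (FortiGate-side) LAN */
                        source-address 192.0.2.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            /* Translate to the address of the egress interface */
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        /* NAT alone does not permit the flow; the zone pair needs a policy */
        from-zone vpn to-zone untrust {
            policy remote-lan-internet {
                match {
                    /* Narrow this to an address-book entry for the remote LAN */
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

After commit, `show security nat source rule all` shows whether the rule is taking translation hits, and `show security flow session` shows the translated address on the return wing of a matching session.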






