SRX Services Gateway
Contributor
jeppe
Posts: 12
Registered: 05-04-2011

Routing based vpn - default route

So here is the scenario:

I have a routing-based VPN between an SRX and a FortiGate, using an unnumbered address on the tunnel. What I would like is to provide the default route for the remote network, i.e. NAT behind the same interface which is used for the unnumbered configuration.

I have source NAT rules configured, but when tracing the flow, I can see the traffic leaving the correct interface, but it is not NAT'ed.

Does anyone know if this is possible, or if it might be possible to set up PBR with this configuration?

New User
djrodb
Posts: 2
Registered: 01-19-2012

Re: Routing based vpn - default route

Yes, it's possible.

 

    st0 {
        unit 0 {
            family inet {
                mtu 1350;
            }
        }
    }

    routing-options {
        static {
            /* this is the route for the VPN */
            route 10.118.0.0/16 next-hop st0.0;
            route 0.0.0.0/0 next-hop *.*.*.*/*;
        }
    }

    nat {
        source {
            rule-set trust-to-vpn {
                from zone trust;
                to zone vpn;
                rule vpn-no-NAT {
                    match {
                        source-address 10.118.73.160/28;
                        destination-address 10.118.0.0/16;
                    }
                    then {
                        source-nat {
                            off;
                        }
                    }
                }
            }
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-NAT-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
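The reply above shows the rule-sets for traffic originating on the trust side. On an SRX a source NAT rule-set is selected by the ingress and egress zones of the flow, so Internet-bound traffic arriving from the remote site on st0.0 is a vpn-to-untrust flow and needs its own rule-set and policy. The set-format fragment below is an added example, not the poster's configuration; it assumes st0.0 is placed in a zone named "vpn", the Internet-facing interface is in zone "untrust", the remote site uses 10.118.0.0/16 as in the thread, and 203.0.113.1 is a constructed stand-in for the ISP gateway.

```junos
# Tunnel interface stays unnumbered (no address under family inet), as in the thread.
set interfaces st0 unit 0 family inet mtu 1350
set security zones security-zone vpn interfaces st0.0

# Route the remote site into the tunnel and point the default route at the ISP.
set routing-options static route 10.118.0.0/16 next-hop st0.0
set routing-options static route 0.0.0.0/0 next-hop 203.0.113.1

# Source NAT is matched on the flow's from/to zones: the trust-to-untrust rule-set
# never sees packets that entered on st0.0, so add a vpn-to-untrust rule-set.
# Match only the remote prefix so the tunnel cannot be used to NAT arbitrary sources.
set security nat source rule-set vpn-to-untrust from zone vpn
set security nat source rule-set vpn-to-untrust to zone untrust
set security nat source rule-set vpn-to-untrust rule nat-remote-site match source-address 10.118.0.0/16
set security nat source rule-set vpn-to-untrust rule nat-remote-site then source-nat interface

# NAT alone does not permit the flow; a vpn-to-untrust policy is still required.
# Restricting source-address to the remote prefix keeps the default route from
# becoming an open relay for anything else that reaches the vpn zone.
set security address-book global address remote-site 10.118.0.0/16
set security policies from-zone vpn to-zone untrust policy remote-site-internet match source-address remote-site
set security policies from-zone vpn to-zone untrust policy remote-site-internet match destination-address any
set security policies from-zone vpn to-zone untrust policy remote-site-internet match application any
set security policies from-zone vpn to-zone untrust policy remote-site-internet then permit
```

Verify with `show security flow session source-prefix 10.118.0.0/16` that sessions from the remote site show the untrust interface address as the translated source; if the original address still appears, the flow is being classified into a different zone pair than the rule-set expects.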
