SRX Services Gateway
Posts: 12
Registered: ‎05-04-2011
0 Kudos

Routing based vpn - default route

So here is the scenario:


I have a routing-based VPN between an SRX and a FortiGate, using an unnumbered address on the tunnel. What I would like is to provide the default route for the remote network, i.e. NAT behind the same interface which is used for the unnumbered configuration.


I have source nat rules configured, but when tracing the flow, I can see the traffic leaving the correct interface, but it is not NAT'ed.


Does anyone know if this is possible, or if it might be possible to set up PBR with this configuration?

New User
Posts: 2
Registered: ‎01-19-2012
0 Kudos

Re: Routing based vpn - default route

Yes, it's possible.


    st0 {
        unit 0 {
            family inet {
                mtu 1350;


routing-options {
    static {
        route next-hop st0.0;  ( this is the route for the VPN)
        route next-hop *.*.*.*/*


    nat {
        source {
            rule-set trust-to-vpn {
                from zone trust;
                to zone vpn;
                rule vpn-no-NAT {
                    match {
                    then {
                        source-nat {


            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-NAT-rule {
                    match {
                    then {
                        source-nat {
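
On the SRX, source NAT rule-sets are selected by the from/to zone pair of the flow, so traffic that arrives over st0.0 is only translated by a rule-set whose `from zone` is the tunnel's zone. The following is an added example, not configuration from either poster: it assumes st0.0 sits in the zone named `vpn` used in the reply, and the rule-set name `vpn-to-untrust`, the rule names and the prefixes (192.0.2.0/24 for the remote network, 198.51.100.0/24 for the local LAN) are placeholders.

```junos
# Added example. Zone names follow the reply above; rule names and
# prefixes are placeholders, not values from the thread.
security {
    nat {
        source {
            # Local LAN to the Internet: matches only flows that ENTER from zone trust.
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-NAT-rule {
                    match {
                        source-address 198.51.100.0/24;   # placeholder LAN prefix
                    }
                    then {
                        source-nat {
                            interface;   # translate to the egress interface address
                        }
                    }
                }
            }
            # Remote network reaching the Internet through the tunnel:
            # these flows ENTER from zone vpn, so they need their own rule-set.
            rule-set vpn-to-untrust {
                from zone vpn;
                to zone untrust;
                rule remote-net-NAT {
                    match {
                        source-address 192.0.2.0/24;      # placeholder remote prefix
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
}
```

A security policy from zone `vpn` to zone `untrust` must also permit this traffic; limiting both the policy and the NAT rule to the remote prefix keeps the SRX from translating arbitrary sources that arrive over the tunnel.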