Dear all,
I got a problem and my Dest-NAT setting is not working. Could you please show me how to fix. Thank you so much!
model: SRX210HE, JUNOS 11.4R5.5
scenario:
any connection w/ port 80 ---> 20X.175.X.220 ---> NAT ---> web server 10.20.32.7/32
ISP ADSL modem (20X.175.X.217/27) connected to SRX210 port ge-0/0/0.0 (Untrust).
Assigned 20X.175.X.219/27 to ge-0/0/0.0 & ge-0/0/1.0 as Trust (10.20.32.1/20).
Destination-NAT that outside can access my web server (10.20.32.7/32).
Confirmed that all internal computers & web server can access the internat from Trust to Untrust.
---------------------------------------------------
nat {
destination {
pool mypool {
address 10.20.32.7/32;
}
rule-set rs1 {
from zone untrust;
rule r1 {
match {
dstination-address 20X.175.X.220/32;
}
then {
destination-nat pool mypool;
}
}
}
}
}
policies {
from-zone untrust to-zone trust {
policy p1 {
match {
source-address any;
destination-address web_server;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
address-book {
address web_server 10.20.32.7/32;
}
}
security-zone untrust {
address-book {
address www 20X.175.X.220/32;
}
}
}
#210destNAT