SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX3k source Nat with pat behaviour

    Posted 11-24-2015 14:01

    hi expert

    question about nat overloading and port range allocation. In case of depletion of port range for a public ip in a pool address space does the srx choose the next available ip in that pool? 

     

    My lab test has shown that when a private ip reach the available port space for a specif public ip the device does not alloccate any other ip for nat. I would like to know if this is an expected behaviour.

     

    thanks in advance for help

     

    ciao



  • 2.  RE: SRX3k source Nat with pat behaviour

    Posted 11-24-2015 14:24

    Hello,

    I hope You use NAT with a pool with at least 2 IPs, and not interface-based NAT?

    Do You have "address-persistent" configured?

    https://www.juniper.net/techpubs/en_US/junos12.3x48/topics/concept/nat-security-source-persistent-address-understanding.html 

    If yes+no+yes then this is expected behaviour.

    HTH

    Thx

    Alex



  • 3.  RE: SRX3k source Nat with pat behaviour

    Posted 11-24-2015 21:46
    Hello Alex
    yes I am implementing source nat with a pool of address (at least /28) and I use address-persistent.

    So this is an expected behaviour? Because the doc is not so clear.

    Thanks


  • 4.  RE: SRX3k source Nat with pat behaviour
    Best Answer

    Posted 11-25-2015 00:06

    Hello,

     

    @a.quisillo wrote:
    Hello Alex
    yes I am implementing source nat with a pool of address (at least /28) and I use address-persistent.

    So this is an expected behaviour? Because the doc is not so clear.


    Yes it is.

    HTH

    Thx

    Alex