SRX

Hi Experts,

I have an SRX650 and this scenario: Subnet A (trust) internal, subnet B (untrust) external and I want to use subnet C to perform both source and destination NAT as untrust/external as well. Is it possible? I have read the NAT documentation and it does not say anything about this.

Thank you. 

Hi,

Do you mean to do both Source and Destination NAT?  If so refer to the following document on page 11 under "Double NAT"

http://kb.juniper.net/InfoCenter/index?page=content&id=TN81

Can you explain a little clearer if that is not the case.

Hi MMcD,

What I need is that when somebody requests access to a particular internal server through a public IP address, the real IP answers that request.

Also, other internal servers need access to Internet through another public IP address that belongs to the same public subnet.

My big doubt is if I can use a public subnet other than the subnet currently configured on the untrust port (that is private) and use it to NAT the way I mentioned above.

Regards! 

Hi,

Your requirement of using a different subnet (other than your outgoing interface network) for NAT purpose can be easily met.  If your ISP has allocated you a public subnet ,they will have routes for that public network with next-hop as your SRX. so any packets coming with this destination address from the internet can be destination NATed to internal address. and you can use another address from the same public pool for your source NAT requirments also, for providing internet access. 

Hope this helps