SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Static NAT and no sourcenat between zones.

    Posted 06-27-2014 15:37

    Hi all,

     

    I have a problem with my static NAT setup and NAT between internal zones.

     

    The traffic from untrust to dmz is working perfectly with the static NAT.

     

    The problem I have is when the server in the dmz needs to talk with a server in the trust zone.

     

    Then the source IP from the server in the dmz is changed to the external IP of the source nat.

     

    How do I turn this off?

     

     



  • 2.  RE: Static NAT and no sourcenat between zones.

    Posted 06-27-2014 18:54

    Hi Kenneth,

     

    [edit security nat source]
    root# show
    rule-set test {
        from zone DMZ;
        to zone Trust;
        rule 1 {
            match {
                source-address dmz server ip;
                destination-address trust server ip;
            }
            then {
                source-nat {
                    off;
                }
            }
        }
    }

     

    This rule has to be at the top of the rule set.

     

    Regards,

    rparthi

     

    [Please mark it as Accepted Solution if it works, Kudos if you like]



  • 3.  RE: Static NAT and no sourcenat between zones.
    Best Answer

    Posted 06-28-2014 03:22

    Static nat is designed to nat both directions.

     

    If you only need destination nat from trust to dmz then use the destination nat feature directly. See Tech Note 81 for examples.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=TN81



  • 4.  RE: Static NAT and no sourcenat between zones.

    Posted 06-30-2014 10:21

    Hi,

     

    I changed to destination nat and got it to work.

     

    Thanks for the replies.

     

    \\

    Kenneth
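
The change suggested in answer 3 and confirmed in post 4, written out as Junos set commands: the static NAT rule is replaced by a destination NAT rule that only translates sessions arriving from untrust. This is an added example, not configuration posted in the thread; the rule-set, rule and pool names and all addresses (documentation ranges) are assumptions.

```junos
# Before (assumed shape of the original setup): static NAT maps the
# public address to the DMZ server in both directions.
#   set security nat static rule-set static-untrust from zone untrust
#   set security nat static rule-set static-untrust rule dmz-srv match destination-address 203.0.113.10/32
#   set security nat static rule-set static-untrust rule dmz-srv then static-nat prefix 192.0.2.10/32

# After: remove the static mapping (rule-set name is a placeholder).
delete security nat static rule-set static-untrust

# Destination NAT pool holding the real address of the DMZ server.
set security nat destination pool dmz-srv-pool address 192.0.2.10/32

# Translate only inbound sessions from untrust addressed to the public IP.
set security nat destination rule-set dnat-untrust from zone untrust
set security nat destination rule-set dnat-untrust rule dmz-srv match destination-address 203.0.113.10/32
set security nat destination rule-set dnat-untrust rule dmz-srv then destination-nat pool dmz-srv-pool

# Verify after commit (operational mode):
#   show security nat destination rule all
#   show security nat source rule all
#   show security flow session source-prefix 192.0.2.10/32
```

The untrust-to-dmz security policy still has to permit the server's real (translated) address, and the flow session output shows whether dmz-to-trust sessions now keep the server's own source IP.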