SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  ipsec vpn always nat

    Posted 10-21-2015 05:40

    Hi,

     

    I have two IPsec VPNs between two SRX and traffic between the networks behind those routers is somehow NATed with the VPN's IP. How can I set the Juniper not to NAT the traffic over the IPsec VPN?

     

    10.1.0.0/16 - LAN | juniper | - sr0.0 172.16.0.1/30 <-> sr0.0 172.16.0.2/30 | juniper | - 10.2.0.0/16

     

    --

    Dan



  • 2.  RE: ipsec vpn always nat
    Best Answer

     
    Posted 10-21-2015 05:50

    Hello Dan ,

     

    It's simple. Just create a source NAT rule with the following term:

     

    source {
        rule-set test {
            from zone XXXX;
            to zone YYYYt;
            rule Slough_LAN-to-Untrust-SNAT {
                match {
                    source-address 10.1.0.0/16;
                    destination-address 10.2.0.0/16;
                }
                then {
                    source-nat {
                        off;
                    }
                }
            }
        }
    }

     

     

    And make this rule on top of the existing NAT rule so that it will be preferred. (Keep in mind that the NAT rules are traversed as per the order.)
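
The ordering point in the answer above, as an added example that is not part of the original posts: a Python check that reads source NAT rules in `display set` form, evaluates them first-match in configuration order, and reports any `source-nat off` rule that an earlier rule fully covers. The rule-set name, rule names and sample configuration are constructed; a single rule-set is assumed, and a rule with no match term for one side is treated as matching any address.

```python
import ipaddress
import re

# Constructed sample in `display set` form; rule-set, zone and rule names are hypothetical.
SAMPLE = """\
set security nat source rule-set lan-out from zone trust
set security nat source rule-set lan-out to zone untrust
set security nat source rule-set lan-out rule snat-all match source-address 10.1.0.0/16
set security nat source rule-set lan-out rule snat-all then source-nat interface
set security nat source rule-set lan-out rule vpn-no-nat match source-address 10.1.0.0/16
set security nat source rule-set lan-out rule vpn-no-nat match destination-address 10.2.0.0/16
set security nat source rule-set lan-out rule vpn-no-nat then source-nat off
"""
LINE = re.compile(r"set security nat source rule-set (\S+) rule (\S+) "
                  r"(?:match (source|destination)-address (\S+)|then source-nat (\S+))")

def parse_rules(text):
    """Return the rules in configuration order (assumes one rule-set)."""
    rules = {}  # dict preserves insertion order, which is the evaluation order
    for m in map(LINE.match, text.splitlines()):
        if not m:
            continue  # from/to zone lines and anything else are ignored
        rs, name, side, prefix, action = m.groups()
        r = rules.setdefault((rs, name), {"name": name, "src": [], "dst": [], "action": None})
        if side:
            r["src" if side == "source" else "dst"].append(ipaddress.ip_network(prefix))
        else:
            r["action"] = action
    return list(rules.values())

def _hit(nets, ip):
    return not nets or any(ip in n for n in nets)  # assumption: no term = any address

def first_match(rules, src, dst):
    """Name and action of the first rule that matches the flow, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if _hit(r["src"], s) and _hit(r["dst"], d):
            return r["name"], r["action"]
    return None

def _covers(outer, inner):
    """True when every prefix in inner lies inside some prefix in outer."""
    return not outer or (bool(inner) and all(any(i.subnet_of(o) for o in outer) for i in inner))

def shadowed_exemptions(rules):
    """Names of 'source-nat off' rules that an earlier rule fully covers."""
    return [r["name"] for i, r in enumerate(rules) if r["action"] == "off" and any(
        _covers(e["src"], r["src"]) and _covers(e["dst"], r["dst"]) for e in rules[:i])]
```

With the sample order the exemption never matches; with the two rules swapped, LAN-to-LAN traffic hits `vpn-no-nat` first and everything else still falls through to the interface NAT rule.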