Hi,
Today I got a chance to test my proposed config on an SRX220 running Junos 11.2R1.10. I found something interesting.
It was working fine, but you need to add the IP address (the one you want to be the new source address post NAT) last. I mean,
if you define your pool in the following order, it will take 9.1.1.1 only:
set security nat source pool p1 address 10.1.1.1/32
set security nat source pool p1 address 9.1.1.1/32
and if you change the order like below, it will take 10.1.1.1:
set security nat source pool p1 address 9.1.1.1/32
set security nat source pool p1 address 10.1.1.1/32
Note: For traffic testing purposes, I have changed the destination ports to 80, 23 and 80 in rules 1, 2, 3 respectively.
[edit]
root@SRX#
root@SRX# run show security flow session protocol tcp
Session ID: 941, Policy name: default-policy-00/2, Timeout: 14, Valid
In: 10.10.10.10/49191 --> 192.168.10.1/23;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 104
Out: 192.168.10.1/23 --> 10.1.1.2/49191;tcp, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
Session ID: 942, Policy name: default-policy-00/2, Timeout: 16, Valid
In: 10.10.10.10/49192 --> 172.16.10.10/80;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 104
Out: 172.16.10.10/80 --> 10.1.1.3/49192;tcp, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
Session ID: 943, Policy name: default-policy-00/2, Timeout: 18, Valid
In: 10.10.10.10/49193 --> 192.168.10.1/80;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 104
Out: 192.168.10.1/80 --> 10.1.1.1/49193;tcp, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
Total sessions: 3
And if your pool addresses (10.1.1.1, 10.1.1.2 and 10.1.1.3) are in the same network as your outgoing interface, you need to add proxy-arp for those addresses (here you don't need to add the proxy for the dummy addresses).
Hope this helps
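
A way to check which source address each session was actually translated to, as an added example that is not part of the original post. It parses the `show security flow session` output quoted above; the function names are hypothetical, and the parser assumes the output keeps the In/Out layout shown in the post.

```python
import re
from ipaddress import ip_address

# Session output copied from the post above.
SAMPLE = """\
Session ID: 941, Policy name: default-policy-00/2, Timeout: 14, Valid
In: 10.10.10.10/49191 --> 192.168.10.1/23;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 104
Out: 192.168.10.1/23 --> 10.1.1.2/49191;tcp, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
Session ID: 942, Policy name: default-policy-00/2, Timeout: 16, Valid
In: 10.10.10.10/49192 --> 172.16.10.10/80;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 104
Out: 172.16.10.10/80 --> 10.1.1.3/49192;tcp, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
Session ID: 943, Policy name: default-policy-00/2, Timeout: 18, Valid
In: 10.10.10.10/49193 --> 192.168.10.1/80;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 104
Out: 192.168.10.1/80 --> 10.1.1.1/49193;tcp, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
Total sessions: 3
"""

SESSION = re.compile(r"^\s*Session ID:\s+(\d+),")
WING = re.compile(r"^\s*(In|Out):\s+(\S+?)/(\d+)\s+-->\s+(\S+?)/(\d+);\w+,")

def parse_sessions(text):
    """Group the In/Out wings under each 'Session ID' line."""
    sessions, cur = [], None
    for line in text.splitlines():
        if m := SESSION.match(line):
            cur = {"id": int(m.group(1))}
            sessions.append(cur)
        elif (m := WING.match(line)) and cur is not None:
            wing, src, sport, dst, dport = m.groups()
            cur[wing.lower()] = {"src": ip_address(src), "sport": int(sport),
                                 "dst": ip_address(dst), "dport": int(dport)}
    # Keep only sessions where both wings were seen.
    return [s for s in sessions if "in" in s and "out" in s]

def nat_report(text, expected_pool):
    """Per session: (id, 'dst/port', post-NAT source, source is in expected pool)."""
    pool = {ip_address(a) for a in expected_pool}
    rows = []
    for s in parse_sessions(text):
        # The reverse (Out) wing is addressed to the translated source.
        translated = s["out"]["dst"]
        target = f'{s["in"]["dst"]}/{s["in"]["dport"]}'
        rows.append((s["id"], target, str(translated), translated in pool))
    return rows

if __name__ == "__main__":
    for row in nat_report(SAMPLE, ["10.1.1.1", "10.1.1.2", "10.1.1.3"]):
        print(row)
```

A `False` in the last column means the session left with a source address outside the addresses you expected, which is the symptom the pool ordering described above produces.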