10-02-2009 02:23 AM
I have the following static nat configuration
Solved! Go to Solution.
10-02-2009 05:15 AM
Does the proxy-arp work? Does the the pc where you try the connection on get an arp reply? If so did you try a to trace a session?
To set the trace:
set security flow traceoptions file my_trace
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter filter1 sourece-prefix <sourip/32>
commit of course
To show the trace:
show log my_trace
10-02-2009 06:12 AM
can you try doing 'from zone untrust' instead of 'from interface fe-0/0/4' ?
See if that works . . . altho I don't see why it should matter if fe-0/0/4 is bound to untrust and traffic enters on that interface destined for your internal device.
also -- not sure if what you pasted was your entire from-zone untrust to-zone trust policy list, but if its not, make sure you put that permit_all rule before the default-deny rule