SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  static nat on junos version 10.2R3.10

    Posted 01-21-2011 10:09

    static {
        rule-set static-nat {
            from routing-instance default;
            rule allow_mail {
                match {
                    destination-address x.x.x.x/32;
                }
                then {
                    static-nat prefix y.y.y.y/32;
                }
            }
        }
    }

    destination {
        pool websrv {
            address a.a.a.a/32;
        }
        rule-set servers {
            from zone untrust;
            rule DC2 {
                match {
                    destination-address b.b.b.b/32;
                }
                then {
                    destination-nat pool DC2;
                }
            }
        }
    }

    Our company is upgrading from 10.0R1.8 to the recommended version 10.2R3.10. The problem is that when I upgraded the version, a DNS query from the outside returns the private IP address of my servers instead of the public one. I did some testing with my extra Juniper SRX 210 and found out that whenever I use static NAT, the DNS query from outside of our network resolves the private IP of the server. Destination NAT resolves the public IP address for a DNS query from outside.
    The authoritative DNS server for the domain name is behind my Juniper.

     



  • 2.  RE: static nat on junos version 10.2R3.10
    Best Answer

    Posted 01-22-2011 11:20

    Disable DNS ALG and check if this solves the issue:

    #set security alg dns disable
