SRX Services Gateway
Contributor
CARD IT
Posts: 10
Registered: ‎07-25-2010
Accepted Solution

static nat on junos version 10.2R3.10

static {
    rule-set static-nat {
        from routing-instance default;
        rule allow_mail {
            match {
                destination-address x.x.x.x/32;
            }
            then {
                static-nat prefix y.y.y.y/32;
            }
        }
    }
}

destination {
    pool websrv {
        address a.a.a.a/32;
    }
    rule-set servers {
        from zone untrust;
        rule DC2 {
            match {
                destination-address b.b.b.b/32;
            }
            then {
                destination-nat pool DC2;
            }
        }
    }
}

Our company is upgrading from 10.0R1.8 to the recommended version 10.2R3.10. The problem is that when I upgraded the version, a DNS query from the outside returns the private IP address of my servers instead of the public one. I did some testing with my extra Juniper SRX 210 and found out that whenever I use static NAT, a DNS query from outside of our network resolves to the private IP of the server. With destination NAT, a DNS query from outside resolves to the public IP address.
The authoritative DNS server for the domain name is behind my Juniper.

 

Trusted Expert
SSHSSH
Posts: 601
Registered: ‎11-21-2009

Re: static nat on junos version 10.2R3.10

Disable the DNS ALG and check if this solves the issue:

#set security alg dns disable

 

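A check for the symptom described in this thread, as an added example (not code from either poster or from Juniper): it parses a raw DNS response, such as one captured outside the firewall, and reports A records that carry RFC 1918 addresses. The function names, the `mail.example.com` name and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also flags documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                  # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def private_a_records(msg):
    """Return (name, address) for each answer-section A record in RFC 1918 space."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                        # skip the question section
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    leaked = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:      # A record, class IN
            addr = ipaddress.ip_address(msg[off:off + 4])
            if any(addr in net for net in RFC1918):
                leaked.append((name, str(addr)))
        off += rdlen
    return leaked

def build_response(ip):
    """Constructed sample: authoritative answer mail.example.com -> ip."""
    qname = b"\x04mail\x07example\x03com\x00"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.ip_address(ip).packed
    return struct.pack("!6H", 0x1234, 0x8580, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1) + rr
```

Run `private_a_records` on responses captured outside the firewall before and after a change; an empty list means no RFC 1918 address appeared in the answer section.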

 
