Hi all,
I have an unusual setup with an SSG-140, but this is doable with most professional hardware (that I know of), so I don't see why it wouldn't work on a Juniper. (I searched the forum, but couldn't find any similar issues.)
The situation is as follows:
1. I have eth0/0 set up for ISP1 (1.1.1.1), configured as route; it's part of the zone untrust, for the virtual router untrust-vr.
2. I have eth0/1 set up for ISP2 (2.2.2.2), configured as route; it's part of the zone "untrust company b", for the virtual router untrust-vr-company-b.
3. I have eth0/4 set up for the LAN (10.0.0.0/16), configured as NAT; it's part of the zone trust, for the virtual router trust-vr.
4. I have eth0/5 set up for the LAN (192.168.1.0/24), configured as NAT; it's part of the zone "trust company b", for the virtual router trust-company-b.
Everything works as it should, until we get to the NAT part. When I am on the network connected to eth0/4, everything works as it should. I can browse the internet and do everything I want as far as I allow by policies, etc.
On the subnet of Company B, however, nothing works. So I entered debugging and I did see packages going out on eth0/2. Then I connected my computer to eth0/2 and started Wireshark. For some reason, packages do come out, but not NAT-ed from the IP of the router (thus 2.2.2.2), but from the source IP (192.168.1.10).
This of course will never get any answer from anywhere, as these packages are simply discarded by the next-hop router.
Any ideas on how to configure this correctly anyway?