Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  Nat src to untrust zone with hide nat ip inside range trusted zone

    Posted 10-30-2009 01:39

    Hi Guys,

     

    I have a question regarding nat src. We are using 6.1r6.

     

    We are in a migration scenario and we need to do nat src from a trusted zone to an untrusted zone.

    The src address must be hide natted to an IP address that falls in the range of the trusted zone.

     

    Can you configure extended ip that is the same as an ip on the trusted int?

    Perhaps an option is to use loopbacks and bind them to the untrust int? Can the loopback use a /32 that falls in the /24 of the trusted int?

     

    Any input is much appreciated.

     

    Tnx,

     

    Bart


    #NAT
    #src
    #ip
    #ranges
    #overlapping


  • 2.  RE: Nat src to untrust zone with hide nat ip inside range trusted zone

    Posted 10-30-2009 06:43
    I did a quick check and from what I can see the ext dip works for me. /m


  • 3.  RE: Nat src to untrust zone with hide nat ip inside range trusted zone

    Posted 10-30-2009 07:47

    monkey, is this the type of config you validated?

    set interface ethernet0/1 zone trust
    set interface ethernet0/1 ip 194.1.1.1/24
    set interface ethernet0/1 nat
    set interface ethernet0/3 zone untrust
    set interface ethernet0/3 ip 195.1.1.1/24
    set interface ethernet0/3 route
    set interface ethernet0/3 ext ip 194.1.1.1 255.255.255.0 dip 5 194.1.1.100

     

    set policy from trust to untrust any any any nat src dip-id 5 permit

     

    tnx



  • 4.  RE: Nat src to untrust zone with hide nat ip inside range trusted zone
    Best Answer

    Posted 10-30-2009 07:54

    yes

     

    /m
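
For auditing a configuration like the one in post 3, the following is an added example (not part of the thread and not Juniper code) that lists DIP pools whose extended subnet overlaps another interface's subnet, which is where NAT'd source addresses become ambiguous in logs. The function name `audit` is hypothetical, the regexes cover only the command forms shown in the post, and the optional second (end-of-range) DIP address is an assumption.

```python
import ipaddress
import re

# Config lines copied from post 3 of the thread.
CONFIG = """\
set interface ethernet0/1 zone trust
set interface ethernet0/1 ip 194.1.1.1/24
set interface ethernet0/1 nat
set interface ethernet0/3 zone untrust
set interface ethernet0/3 ip 195.1.1.1/24
set interface ethernet0/3 route
set interface ethernet0/3 ext ip 194.1.1.1 255.255.255.0 dip 5 194.1.1.100
set policy from trust to untrust any any any nat src dip-id 5 permit
"""

IF_IP = re.compile(r"^set interface (\S+) ip (\S+/\d+)$")
# Assumption: an optional end-of-range address may follow the first DIP address.
EXT_DIP = re.compile(
    r"^set interface (\S+) ext ip (\S+) (\S+) dip (\d+) (\S+)(?: (\S+))?$")
POLICY = re.compile(r"^set policy .*\bnat src dip-id (\d+)\b")

def audit(config):
    """Return a list of (dip_id, message) findings for the given config text."""
    nets, pools, used, findings = {}, {}, set(), []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := IF_IP.match(line):
            nets[m[1]] = ipaddress.ip_interface(m[2]).network
        elif m := EXT_DIP.match(line):
            ext = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            low = ipaddress.ip_address(m[5])
            high = ipaddress.ip_address(m[6] or m[5])
            pools[int(m[4])] = (m[1], ext, low, high)
        elif m := POLICY.match(line):
            used.add(int(m[1]))
    for dip_id, (ifname, ext, low, high) in sorted(pools.items()):
        if low not in ext or high not in ext:
            findings.append((dip_id, f"DIP range is outside extended subnet {ext}"))
        for other, net in nets.items():
            # Flag a pool that hides traffic behind another interface's address space.
            if other != ifname and ext.overlaps(net):
                findings.append((dip_id, f"extended subnet {ext} on {ifname} "
                                         f"overlaps {other} ({net})"))
    for dip_id in sorted(used - set(pools)):
        findings.append((dip_id, "policy references undefined DIP pool"))
    return findings

if __name__ == "__main__":
    for dip_id, message in audit(CONFIG):
        print(f"dip {dip_id}: {message}")
```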