I have successfully built up a DIP which can translate my internal IPs to an external IP pool, e.g.:
192.168.80.0/24 ---> 184.108.40.206 ~ 25
The internal IPs can access the Internet. However, sometimes the Internet is required to trace back to check whether my host is available or not, but it fails because it cannot ping back to those external IPs. Is it true, and how can I enable it?
To only allow pings, the example would look like this:
set interface ethernet0/0 zone trust
set interface ethernet0/1 zone untrust
set interface ethernet0/1 ip 220.127.116.11/24
set arp nat-dst
set address untrust server-pub 18.104.22.168/32
set policy from untrust to untrust any server-pub "PING" nat dst ip 192.168.1.100 permit