Message Image

Skip main navigation (Press Enter).

Screen OS

last person joined: 8 months ago

This is a legacy community with limited Juniper monitoring.

Back to discussions

Expand all | Collapse all

Route based NAT

Jump to Best Answer

Erdem06-08-2009 09:06

Is there a method of implementing route-based NAT in screenOS 6.1? I have a situation where I want traffic ...

Erdem06-08-2009 11:51Best Answer

Nevermind, I figured out how to do this. Use 2 VRs, inside and outside with corresponding zones. Create ...

1. Route based NAT

0 Recommend
Erdem
Posted 06-08-2009 09:06
Is there a method of implementing route-based NAT in screenOS 6.1? I have a situation where I want traffic behind the firewall to retain its native source IP address when routed to specific destination addresses and traffic taking the default route to be NATed (using MIP if possible).

I've configured a NAT-src/NAT-dst solution but it's adding additional complexity to my policy base. In my case the decision to NAT is based on destination IP but it seems that screenOS applies NAT on interface or policy. Any ideas?

TIA,
George
2. RE: Route based NAT
Best Answer

0 Recommend
Erdem
Posted 06-08-2009 11:51
Nevermind, I figured out how to do this. Use 2 VRs, inside and outside with corresponding zones. Create a loopback in the outside zone with MIP enabled and a default route to an upstream router. On the inside vr create a gateway route to the outside vr for the loopback IP. Create a PBR on the inside vr to direct desired traffic to the loopback where it gets NATed. The default route in the outside vr directs the traffic off the FW with the NAT'ed source IP. Add loopbacks and PBR's to suit individual requirements.

Thanks for listening!
George

Powered by Higher Logic