Screen OS

hey all, cant seem to get static translation to work.

basically, we want to NAT public IP 1.1.1.10 to private IP 10.10.10.10.

the public ip on the SSG is 1.1.1.1/24.

10.10.10.10 should use 1.1.1.10 on all outbound traffic and all allowed inbound traffic from the internet should be forwarded to 10.10.10.10.

configs are below (bgroup0 is the interface on the internal trust zone)

!

set address "Trust" "1.1.1.10" 1.1.1.10 255.255.255.255 "TEST"
set service "TEST" tcp src-port 0-65535 dst-port 23-23
set policy id 11 name "MAS90" from "Untrust" to "Trust"  "Any" "1.1.1.10" "TEST" nat dst ip 10.10.10.10 permit log
set policy id 11
set route 1.1.1.10/32 interface bgroup0
set route 1.1.1.10/32 interface bgroup0

any help would be appreciated.

Hi,

I would try configuring a MIP since I'm not a big fan of setting up the NAT via policy in less I have to.  Based on what you wrote, I think a MIP would work just fine.  This will handle the one-to-one NAT automatically (inbound/outbound).

set interface x/x mip 1.1.1.10 host 10.10.10.10 netmask 255.255.255.255 vr trust-vr

set policy from Untrust to Trust  MAS90 MIP(1.1.1.10) Telnet permit

Note: if needed, add the Trust to Untrust Policy accordingly.

I hope this helps.

-John

Anytime, I'm glad it's working.

Cheers.

agreed, problem is we do not have a MIP option in the GUI under Interface, Edit.

does the SSG20 and SS5 support MIP?