Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  nat question

    Posted 11-20-2015 06:33

    Hello,

     

    Have a unique request here.

     

    We have a need/request to achieve the following with nat.

     

    We have external /24 that is sending traffic to a server on the trust side of our firewall. We need to make that /24 gets nated to one IP before it hits our server on the trust side. But, we need to do that on our firewall..

     

    so i need to make that /24 and src nat it to one IP on the trust side if our firewall before it gets to the destination IP on the trust side of my firewall.

     

    I tried with a dip but does not seem to work.

     

    So -->/24 ---> dest-ip --> nat-src dip-id 1

     

    the dest-ip and the dip ip are both IPs on the trust side of my firewall. can this be done?

     

    I hope that makes sense.

     

    Thanks.

     

     



  • 2.  RE: nat question
    Best Answer

    Posted 11-20-2015 09:09

    That should be possible using DIP.  Did you create the DIP on the trust interface?  The DIP has to be configured on the egress interface, which in this case would be the trust interface.



  • 3.  RE: nat question

    Posted 11-20-2015 10:11

    yeah thats what I thought. It looks like I was fat fingering my commands when trying to do it on the Trust interface. So I thought it was not avail. on the trust.

     

    But now that I type the correct interface I can finish the dip commands. 

     

    Thanks for clerifying that for me.

     

    Let me test and I will reply with results. Thanks you



  • 4.  RE: nat question

    Posted 11-24-2015 06:49

    Thanks that was it. working perfect.

     

    Thanks