SRX Services Gateway

1 -> 1 NAT with two public IPs

‎04-07-2015 07:28 PM

Hi,

 

I am looking to set up an SRX device that will act as a VPN gateway. We plan on having gateways in all major cities. Clients will then be able to connect to the SRX and connect out as if they are in that city. So say, for instance, a client wants to see how routing is done from Comcast in NYC: they would connect to the SRX in NYC and do a traceroute to their network. If they want to test a VoIP application, their call would go out from this ISP, etc. The tricky part is if a client wants no NAT. What happens if a client wants to launch an app using a public IP but the IP is on the SRX? Is there any way of having a second IP on the box that they would somehow connect to, and the request would be seen as coming from the cable connection as if the PC they are on has the public IP?

 


Re: 1 -> 1 NAT with two public IPs

‎04-07-2015 11:59 PM

Hi Dovi5988,

 

Your requirement is not very clear. Are you asking if you can have 2 IP addresses on the SRX interface and use one IP for the VPN connection and the other one for Internet access? If so, we can configure 2 IP addresses and achieve what you are trying to do.

 

set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.1/30 primary
set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/30

 

Configure an SNAT pool with one IP and use it for Internet connections.

 

set security nat source pool P1 address 1.1.1.2/32

 

Please ignore this if I have misunderstood the requirement.

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

Re: 1 -> 1 NAT with two public IPs

‎04-09-2015 12:12 PM

Sorry for not being clear. Let me try to explain what we want to do. We have end users using multiple ISPs such as Verizon FiOS, Optimum, COX, etc. This morning we had a problem where packets coming from Optimum were being tampered with and then being ignored because our SIP server was not able to understand them. What we want to do is have a Junos device in every major market that we serve, connected to multiple Internet providers, so we can test out through each one and experience the connection as if we are on that ISP. So in NYC we would order services from:

TimeWarner

Verizon FiOS

VerizonDSL

RoadRunner

 

We would then somehow connect to the SRX and make phone calls and see how the call went (look at traffic captures at both ends). I know that I can use a VPN/NAT to connect to the SRX, but we need to see how the traffic looks when it's as if the phone is on the public IP that is sitting on the SRX. My thought was to have another interface with a different connection and have the phone register and try to send a call to that IP, then have that IP send any traffic it gets, say, out via Optimum to my servers, but then I realized: how would the SRX know where to send the traffic to? Am I limited to creating a VPN tunnel and using NAT?

 

 


Re: 1 -> 1 NAT with two public IPs

‎04-09-2015 07:51 PM

Hi Dovi5988

 

There are two things you are looking at.

1. connection to a client location through VPN (from NOC?)

2. NAT for outbound connection for above connection.

 

If the VPN in pt. 1 is site-to-site, then pt. 2 can be achieved simply by doing any NAT statement (use a route-based VPN).

However, keep in mind the routing will be a bit tricky.

Change the default route from the NOC to reach the Internet (at least for a specific PC) via the VPN.

 

If the VPN is dynamic (Junos Pulse - Dynamic VPN) then I think you can do source NAT, not static (1->1).

 

IMHO a better way would be to set up a test machine/VM/jump server at each location where you can remote to and test the issue.

 

 

 

regards,
Avd
JNCIE-SEC #320

Please Mark My Solution Accepted if you think it helped!
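
The two replies above (the source NAT pool on a second public address, and source NAT for traffic arriving over a route-based VPN) can be combined as in the following added example, which is not configuration posted by anyone in the thread. It assumes the IPsec tunnel is already established and bound to st0.0; the zone names, rule and policy names, and the tester subnet 10.10.10.0/24 are hypothetical, while ge-0/0/0, pool P1 and 1.1.1.2/32 come from the thread.

```junos
# Added example. From the thread: ge-0/0/0, pool P1, 1.1.1.2/32.
# Assumed: st0.0 tunnel, zone names, tester subnet 10.10.10.0/24,
# rule/policy names, and that the device uses the global address book.

# Tunnel interface of the already-established route-based VPN, in its own zone
set interfaces st0 unit 0 family inet
set security zones security-zone vpn-test interfaces st0.0
set security zones security-zone untrust interfaces ge-0/0/0.0

# Source NAT pool holding the second public address (as in the first reply)
set security nat source pool P1 address 1.1.1.2/32

# Translate only tester traffic that arrives over the tunnel and leaves via the ISP link
set security nat source rule-set vpn-to-isp from zone vpn-test
set security nat source rule-set vpn-to-isp to zone untrust
set security nat source rule-set vpn-to-isp rule testers match source-address 10.10.10.0/24
set security nat source rule-set vpn-to-isp rule testers match destination-address 0.0.0.0/0
set security nat source rule-set vpn-to-isp rule testers then source-nat pool P1

# Permit only the tester subnet out (not "any"), and log each session
# so it can be matched against the packet captures taken at both ends
set security address-book global address noc-testers 10.10.10.0/24
set security policies from-zone vpn-test to-zone untrust policy testers-out match source-address noc-testers
set security policies from-zone vpn-test to-zone untrust policy testers-out match destination-address any
set security policies from-zone vpn-test to-zone untrust policy testers-out match application any
set security policies from-zone vpn-test to-zone untrust policy testers-out then permit
set security policies from-zone vpn-test to-zone untrust policy testers-out then log session-close
```

After commit, `show security nat source rule all` shows whether the rule is taking hits, and `show security flow session source-prefix 10.10.10.0/24` shows the translated address per session. The remote side still needs its route toward the test destinations pointed into the tunnel, as noted in the reply above.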