SRX Services Gateway
Adding a Port Range to NAT

‎09-30-2013 02:56 AM

 

I have a customer with a clustered SRX240.

They have two connections from two different ISPs with different IP ranges assigned to them from each ISP.

They run several different Video Stream services that require different port ranges to be open to multiple different servers.

We got it working for one set of IP addresses using Static NAT but need a solution to flip this over on to their backup set of IP addresses.

An example of one static entry:

rule VideoStream1 {
    match {
        destination-address 1.2.3.4/32;
        destination-port 2000 to 2100;
    }
    then {
        static-nat {
            prefix {
                192.168.1.1/32;
                mapped-port 2000 to 2100;
                routing-instance default;
            }
        }
    }
}

We can't add a second static NAT obviously and we can't do ranges in destination NAT?

Has anyone any thoughts on this?
Thanks in advance!

Re: Adding a Port Range to NAT

‎09-30-2013 03:15 AM

Hi

Yes, you can do ranges with Destination NAT.

You have to set up an application/service and address book.

Then bring the IP in via dnat, make a policy for the services/application, attach it to the address book and permit.

 


Re: Adding a Port Range to NAT

‎09-30-2013 03:25 AM

Thanks CMIA,

Wouldn't this only work though if I have different IPs for each service?

 

 

 


Re: Adding a Port Range to NAT

‎09-30-2013 05:09 AM

You can use single IPs to open up multiple port ranges.

The Application/service/address book will set the port type and range.

Best thing to do is:

Proxy ARP the IPs

Set destination NAT

Set up source NAT.
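
The proxy ARP, destination NAT, application, address book and policy steps from the replies above, written out as Junos set commands for the VideoStream1 server; this is an added example, not configuration posted by anyone in the thread. Assumptions (none of these values appear in the thread): 203.0.113.4 stands in for the backup ISP address, reth1.0 for the backup uplink, untrust/trust for the zone names, UDP for the stream protocol, and all object names are hypothetical.

```junos
# Constructed values: 203.0.113.4 (backup ISP address), reth1.0 (backup uplink),
# zones untrust/trust, protocol udp. Adjust to the real environment.

# Answer ARP for the backup address (needed only when it sits on the uplink
# subnet but is not configured on the interface itself).
set security nat proxy-arp interface reth1.0 address 203.0.113.4/32

# Destination NAT: the pool has no port, so destination ports pass through unchanged.
set security nat destination pool VideoStream1-server address 192.168.1.1/32
set security nat destination rule-set from-backup-isp from zone untrust
set security nat destination rule-set from-backup-isp rule VideoStream1-backup match destination-address 203.0.113.4/32
set security nat destination rule-set from-backup-isp rule VideoStream1-backup then destination-nat pool VideoStream1-server

# Application object that carries the port range.
set applications application VideoStream1-ports protocol udp
set applications application VideoStream1-ports destination-port 2000-2100

# Address book entry for the server's real (post-NAT) address.
set security address-book global address VideoStream1-server 192.168.1.1/32

# Policy lookup happens after destination NAT, so it matches the translated
# address; the application restricts permitted traffic to ports 2000-2100.
set security policies from-zone untrust to-zone trust policy allow-VideoStream1 match source-address any
set security policies from-zone untrust to-zone trust policy allow-VideoStream1 match destination-address VideoStream1-server
set security policies from-zone untrust to-zone trust policy allow-VideoStream1 match application VideoStream1-ports
set security policies from-zone untrust to-zone trust policy allow-VideoStream1 then permit
```

Because the pool carries no port, the NAT rule translates every port of 203.0.113.4 to the server; the security policy is the only control that limits exposure to 2000-2100, so it should not be widened to `application any`.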

 

 
