SRX

last person joined: 18 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Behavior with Vsrx Firefly - SOURCE NAT With Pool utilization

    Posted 05-17-2014 04:32

    Hi,

     

    From the below configuration,

     

    [edit]
lab@srx1# show security nat
source {
    pool 1 {
        address {
            172.18.1.3/32 to 172.18.1.4/32;
        }
    }
    rule-set 2 {
        from interface ge-0/0/4.101;
        to zone untrust;
        rule 3 {
            match {
                source-address 172.20.101.0/24;
            }
            then {
                source-nat {
                    pool {
                        1;
                    }
                }
            }
        }
    }
}
 


This Nat configuration with 172.18.1.3 and 172.18.1.4 NAT IP's are accepted if these address are configured on the interface

lab@srx1# show interfaces ge-0/0/3.0
family inet {
    address 172.18.1.2/24;
    address 172.18.1.3/24;
    address 172.18.1.4/24;
}

     

     

     

    As far as my Pool understanding goes with Any NAT pool, the Pool of Addresses may not necessarily present on the system bearing one ip facing the NAT interface.

     

    Is this the default behaviour with Junos-SRX or sort of bug with Firefly ? I do not have a SRX handly to replicate the problem

     

    Thank



  • 2.  RE: Behavior with Vsrx Firefly - SOURCE NAT With Pool utilization
    Best Answer

    Posted 05-17-2014 04:52

    Never Mind ! I had to configure Proxy-arp for ARP Response Packets

     

    It is solved now

     

    Thanks