SRX

I am kind of new to working on Junos and am trying to configure a static NAT, which appears to be a lot different to configuring a MIP in ScreenOS. I am using the following config:

Hello there,

Are You using routing-instances?

If yes please add

set security nat static rule-set rs1 rule r1 then static-nat prefix 192.168.1.200/32 routing-instance default

 - if Your private prefix is in the global table, or

set security nat static rule-set rs1 rule r1 then static-nat prefix 192.168.1.200/32 routing-instance <table-name>

 - if Your private prefix is in a named routing-instance.

Then please re-test and report back.

HTH

Thanks
Alex

I gave it a go, but it would not commit the changes, I get the following error:

[edit security nat static rule-set test rule r1 then static-nat prefix routing-instance]
  'routing-instance master'
    Virtual router must be defined under [routing-instances]
[edit security nat static rule-set test rule r1 then static-nat prefix routing-instance]
  'routing-instance master'
    Routing-instance must be defined
error: commit failed: (statements constraint check failed)

This is the output from the show route instance command:

 show route instance
Instance             Type
         Primary RIB                                     Active/holddown/hidden
master               forwarding
         inet.0                                          17/0/0
         inet6.0                                         2/0/0

__juniper_private1__ forwarding
         __juniper_private1__.inet.0                     7/0/0

__juniper_private2__ forwarding
         __juniper_private2__.inet.0                     0/0/1

__master.anon__      forwarding

Is master not a routing instance? Sorry I am new to Junos.

Thanks,

Mark

Hello,

It has to be "routing-instance default" (for GRT/Global ROute Table) or a named Virtual Router instance:

http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/configuration-statement/security-edit-rule-set-static-nat.html 

HTH

Thanks

Alex