Hi, @Novartis.
First, please confirm that you are indeed attempting to manage the box via the 88.xxx.xxx.xxx/32 IP address.
Second, if you are, what I actually meant was something more akin to the following:
root# show | compare
[edit security]
+ nat {
+ destination {
+ pool dnat-pool-1 {
+ address 10.80.36.253/32;
+ }
+ rule-set dst-nat {
+ from zone untrust;
+ rule remote-mgmt {
+ match {
+ destination-address 88.88.88.88/32;
+ destination-port 23;
+ }
+ then {
+ destination-nat {
+ off;
+ }
+ }
+ }
+ rule else-dst-nat {
+ match {
+ destination-address 88.88.88.88/32;
+ }
+ then {
+ destination-nat {
+ pool {
+ dnat-pool-1;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
[edit]
I'm not able to test the above, but that _should_ let you telnet to port 23. Change the destination-port to 22 for ssh access. Also, this depends on you correctly setting the appropriate zone to allow the appropriate inbound host traffic (ssh, telnet, etc as necessary).