SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Dynamic destination NAT

    Posted 01-23-2012 07:49

    For dynamic destination NAT, if (for example) I have only one server on the inside with multiple services (ports), is it possible to map the destination IP/port connection coming from outside to an IP/port (specific service) on the inside server?

    As I understand, the IP selection of the pool is dynamic with no specific mapping.

    Elaboration:

    Pool A:

    10.10.10.10 port 80
    10.10.10.10 port 22
    10.10.10.10 port 23

    For example, I need to translate packets coming from outside with a destination IP 100.100.10.1 port 8080 to 10.10.10.10 port 80 and select this specific entry out of the pool. Is this possible without using static destination NAT?

    Thanks,




  • 2.  RE: Dynamic destination NAT
    Best Answer

    Posted 01-23-2012 11:17

    Hi,

    Yes, you are right. But you can make multiple pools with ports, and with multiple destination NAT rules within the rule-set, instead of using static NAT. Below is the example.


    set security nat destination pool pool-1 address 10.10.10.10/32
    set security nat destination pool pool-1 address port 80

    set security nat destination pool pool-2 address 10.10.10.10/32
    set security nat destination pool pool-2 address port 22

    set security nat destination pool pool-3 address 10.10.10.10/32
    set security nat destination pool pool-3 address port 23

    set security nat destination rule-set dst-nat from zone Untrust
    set security nat destination rule-set dst-nat rule rule-1 match source-address 0.0.0.0/0
    set security nat destination rule-set dst-nat rule rule-1 match destination-address 100.100.10.1/32
    set security nat destination rule-set dst-nat rule rule-1 match destination-port 8080
    set security nat destination rule-set dst-nat rule rule-1 then destination-nat pool pool-1

    set security nat destination rule-set dst-nat rule rule-2 match source-address 0.0.0.0/0
    set security nat destination rule-set dst-nat rule rule-2 match destination-address 100.100.10.1/32
    set security nat destination rule-set dst-nat rule rule-2 match destination-port 2200
    set security nat destination rule-set dst-nat rule rule-2 then destination-nat pool pool-2

    set security nat destination rule-set dst-nat rule rule-3 match source-address 0.0.0.0/0
    set security nat destination rule-set dst-nat rule rule-3 match destination-address 100.100.10.1/32
    set security nat destination rule-set dst-nat rule rule-3 match destination-port 2300
    set security nat destination rule-set dst-nat rule rule-3 then destination-nat pool pool-3

     

    HTH
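
A way to review a rule-set like the one in the reply above before committing it, as an added example that is not part of the original post or any Juniper tooling: it resolves each rule to its outside-to-inside mapping and flags rules that let any source reach a reviewed service. `audit`, `REVIEW_PORTS` and the trimmed `CONFIG` sample are assumptions of this example, and it only handles rules that match a single destination address and port, as the reply's do.

```python
REVIEW_PORTS = {"22": "ssh", "23": "telnet"}  # assumption: services this reviewer flags
# rule-1 and rule-3 with their pools, copied from the reply above (rule-2 left out for length)
CONFIG = """\
set security nat destination pool pool-1 address 10.10.10.10/32
set security nat destination pool pool-1 address port 80
set security nat destination pool pool-3 address 10.10.10.10/32
set security nat destination pool pool-3 address port 23
set security nat destination rule-set dst-nat from zone Untrust
set security nat destination rule-set dst-nat rule rule-1 match source-address 0.0.0.0/0
set security nat destination rule-set dst-nat rule rule-1 match destination-address 100.100.10.1/32
set security nat destination rule-set dst-nat rule rule-1 match destination-port 8080
set security nat destination rule-set dst-nat rule rule-1 then destination-nat pool pool-1
set security nat destination rule-set dst-nat rule rule-3 match source-address 0.0.0.0/0
set security nat destination rule-set dst-nat rule rule-3 match destination-address 100.100.10.1/32
set security nat destination rule-set dst-nat rule rule-3 match destination-port 2300
set security nat destination rule-set dst-nat rule rule-3 then destination-nat pool pool-3
"""

def audit(config):
    """Resolve Junos destination-NAT 'set' lines to mappings and review findings."""
    pools, rules = {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 8 or t[:4] != ["set", "security", "nat", "destination"]:
            continue
        if t[4] == "pool" and t[6] == "address":
            pool, args = pools.setdefault(t[5], {}), t[7:]
            if "port" in args[:-1]:
                pool["port"] = args[args.index("port") + 1]
            if args[0] != "port":
                pool["address"] = args[0].split("/")[0]
        elif t[4] == "rule-set" and t[6] == "rule":
            rules.setdefault(t[7], {})[t[-2]] = t[-1]  # key/value are the last two tokens
    mappings, findings = {}, []
    for name, r in rules.items():
        pool = pools.get(r.get("pool"), {})
        if "address" not in pool:
            findings.append(f"{name}: pool {r.get('pool')} is missing or has no address")
            continue
        dport = r.get("destination-port", "any")
        port = pool.get("port", dport)  # no pool port: destination port is left unchanged
        outside = f"{r.get('destination-address', 'any').split('/')[0]}:{dport}"
        mappings[outside] = f"{pool['address']}:{port}"
        if r.get("source-address") == "0.0.0.0/0" and port in REVIEW_PORTS:
            findings.append(f"{name}: any source reaches {REVIEW_PORTS[port]} via {outside}")
    return mappings, findings

if __name__ == "__main__":
    print(*audit(CONFIG), sep="\n")
```

A finding is a prompt to narrow the rule's `source-address` or drop the mapping, since moving telnet to outside port 2300 does not restrict who can reach it.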



  • 3.  RE: Dynamic destination NAT

    Posted 01-23-2012 13:18

    Great! Thanks 🙂