Hi.
I have an SRX210HE and an internal FTP server that I need to reach from the public network. I have read a lot of material on this topic and still do not understand what I did wrong.
blabla@blablabla# show security nat destination
# Destination NAT for the internal FTP server: packets arriving from zone
# untrust for the public address xxx.xxx.xxx.98 are rewritten to a private
# 192.168.0.xxx host.
# Pool NAS is the translation target for the FTP control channel (port 21).
pool NAS {
address 192.168.0.xxx/32 port 21;
}
# Pool NAS-20 is the translation target for port 20. The address is masked in
# the paste; presumably it is the same host as pool NAS.
pool NAS-20 {
address 192.168.0.xxx/32 port 20;
}
rule-set NAS {
from zone untrust;
# Neither rule matches on source-address, so the translation applies to every
# source in zone untrust. FTP carries credentials in cleartext, so a
# source-address match here (or in the security policy) narrows who can reach
# the login prompt.
rule NAS-21 {
match {
destination-address xxx.xxx.xxx.98/32;
destination-port 21;
}
then {
destination-nat pool NAS;
}
}
# NOTE(review): in active-mode FTP the server opens the data connection
# outbound from port 20, so an inbound rule for port 20 is normally never hit.
# Passive-mode data connections arrive on server-chosen ports that no rule in
# this rule-set covers.
rule NAS-20 {
match {
destination-address xxx.xxx.xxx.98/32;
destination-port 20;
}
then {
destination-nat pool NAS-20;
}
}
}
blabla@blablabla# show security policies
# Outbound context: a single policy that permits any source, any destination
# and any application from zone trust to zone untrust.
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
# Inbound context. Policies in a context are evaluated top to bottom and the
# first match wins. Destination NAT is applied before this lookup, so inbound
# FTP is matched against the translated 192.168.0.xxx address, not the public one.
from-zone untrust to-zone trust {
# Matches any source, any application, destination 192.168.0.0/16, and sends
# the match into the Avaya-Phones-VPN tunnel. Translated FTP traffic to
# 192.168.0.xxx falls inside this prefix, so it matches here first and never
# reaches policy NAS; cleartext traffic that hits a tunnel policy is expected
# to be dropped rather than forwarded. This is the likely cause of the failure.
# NOTE(review): the destination-address and ipsec-vpn lines below have no
# trailing ';' in the paste; left exactly as posted.
policy Phone-VPN {
match {
source-address any;
destination-address 192.168.0.0/16
application any;
}
then {
permit {
tunnel {
ipsec-vpn Avaya-Phones-VPN
}
}
}
}
# Matches any/any/any and tunnels the match into dyn-vpn, so every policy
# listed after it in this context is shadowed, including NAS.
policy dyn-vpn-policy {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
tunnel {
ipsec-vpn dyn-vpn;
}
}
}
}
# Permits junos-ftp from any source to the address-book entry NAS. The entry
# is not shown in the paste; it has to name the private (post-NAT) address.
# To take effect the policy must sit above the two tunnel policies, e.g.
#   insert security policies from-zone untrust to-zone trust policy NAS before policy Phone-VPN
policy NAS {
match {
source-address any;
destination-address NAS;
application junos-ftp;
}
then {
permit;
}
}
}
blabla@blablabla# show security alg
# ALG state. The FTP ALG is disabled (ftps-extension is also set). With the
# ALG off, the SRX does not inspect the control channel to open data-channel
# pinholes or rewrite the address in PORT/PASV exchanges. Even once the
# port-21 login works, listings and transfers will presumably fail unless the
# ALG is re-enabled or the server's passive port range is forwarded and
# permitted explicitly.
ftp disable ftps-extension;
# The remaining ALGs (H.323, MGCP, SCCP, SIP) are disabled.
h323 disable;
mgcp disable;
sccp disable;
sip disable;
Could the policies be interfering with each other? Any help would be much appreciated.