SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How to do destination NAT with domain?

    Posted 06-06-2016 22:34

    Hello,

     

    I'm wondering whether it's possible to do destination NAT with a domain name. Something like:

     

    - service1.example.com -> 172.17.1.3 port 80

    - service2.example.com -> 172.17.1.4 port 80

     

    There seems to be a discussion on this topic here, but that thread mentions source NAT. I've tried configuring an address in the address book like this:

     

    set security zones security-zone Internet address-book address SERVICE_1 dns-name service1.example.com ipv4-only
    

    Then configuring destination NAT like this:

    description "Destination NAT for Service 1";
    match {
        destination-address-name SERVICE_1;
        destination-port 80;
        protocol tcp;
    }
    then {
        destination-nat {
            pool {
               service-1-server;
            }
        }
    }
    

     

    However, when I tried committing, I got this error:

     

    [edit security nat destination rule-set dst-nat rule forward-service-1 match]
      'destination-address-name'
        Can not find address/address-set(SERVICE_1) in default global address book
    error: configuration check-out failed

    (It seems that the global address book can't be set when there's any zone-specific address book configured - which in my case there are a few addresses set there. Is there any other way?)

     

    Any help would be appreciated.

     



  • 2.  RE: How to do destination NAT with domain?
    Best Answer

     
    Posted 06-06-2016 22:42

    Hello,

    DNS name in NAT rule is not supported. Please check:

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB27679&actp=RSS