SRX Services Gateway
Highlighted
SRX Services Gateway

Juniper SRX - Destination NAT with dynamic ip

a month ago

 

Dear Juniper Geeks , 

 

I was wondering if there is anyway to configure Destination nat to my local server with Internet connection has dynamic ip address ?

 

if yes please share configuation example / link 

 

Much appreciated .

Mohammad Rummaneh

5 REPLIES 5
Highlighted
SRX Services Gateway

Re: Juniper SRX - Destination NAT with dynamic ip

a month ago

Hello,

 

Please use the destination address as 0.0.0.0/0 that will make the NAT to be done for the interface IP. Please see the example below:

 

set security nat destination pool pool-1 address 192.168.168.10/32
set security nat destination pool pool-1 address port 80

 

set security nat destination rule-set dest-nat from zone Untrust
set security nat destination rule-set dest-nat rule r1 match destination-address 0.0.0.0/0
set security nat destination rule-set dest-nat rule r1 match destination-port 80
set security nat destination rule-set dest-nat rule r1 then destination-nat pool pool-1

 

I would advise you to use destination port cautiously so the traffic to host(self-traffic) is not affected if in case the external IP address is used to access.

 

Regards,

Prakash

Highlighted
SRX Services Gateway

Re: Juniper SRX - Destination NAT with dynamic ip

a month ago

Hi Rummaneh,

 

As Prakash stated, the easiest way is to configure 0/0 in the destination NAT rule.

 

Another method is to use Dynamic DNS and matching it as destination-address-name of the Dynamic NAT instead of destination-address. Although, I'm not sure whether this method works because I never tried it. By chance, if you tried this method, please let me know Smiley Happy



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Juniper SRX - Destination NAT with dynamic ip

4 weeks ago

thanks for your replay .

 

i will add 0.0.0.0/0  as destination address .

 

what is easiest way to know the dynamic ip of the router , because i am not always at office ?

 

BR

Mohammad R. 

Highlighted
SRX Services Gateway

Re: Juniper SRX - Destination NAT with dynamic ip

4 weeks ago

Hi Mohammad,

 

As far as I know, you need to login to the SRX in order to check the Dynamic IP address assigned to the interface. I believe this would be the Private IP address that your ISP assigned to the SRX.

 

In case if you would like to know the public IP address assigned to you by the ISP, then you can use whatismyip.com and it will let you know your public IP address. Again for this, your PC traffic has to be in the same ISP where SRX is connected to.

 

The above 2 methods require your presence in office but if you would like to check the public IP address assigned by your ISP remotely then AFAIK Dynamic DNS is the only option. But I will leave it to the community members for more options if there is any.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Juniper SRX - Destination NAT with dynamic ip

4 weeks ago

Hello Mohammad,

 

You can have a dynamic DNS profile created with any Dynamic DNS provider who will assign a domain name and that domain name can be mapped with the IP address on the SRX interface. Please see KB below for configuration and whenever the IP address on the SRX interface changes, SRX will sync the same with the provider. So when you connect with the domain name, it will always be to the updated IP address.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28971

 

Regards,

Prakash

Feedback