Hello
i have problem with nat configuration
Is it possible to make some thing like this?(pic below)
When user from Lin type "ssh 10.133.238.4" he must be connected to Lin_3, but Lin_3 knows only abou 10.31.50.12
and Lin knows only about 10.133.238.4
Such schema work on "Firebox" but i can not do it on JuniperSRX
I made such config :
set security nat static rule-set GTS-BTS from zone GTS
set security nat static rule-set GTS-BTS rule r1 match destination-address 10.133.238.4/32
set security nat static rule-set GTS-BTS rule r1 match destination-port 22
set security nat static rule-set GTS-BTS rule r1 then static-nat prefix 2.2.2.2/32
set security nat static rule-set GTS-BTS rule r1 then static-nat prefix mapped-port 22
but it dont work because 2.2.2.2 don't know about 1.1.1.1 and i can't change this (not my network)
root@firefly# run show security flow session
Session ID: 61, Policy name: GTS_BTS/8, Timeout: 18, Valid
In: 1.1.1.2/46760 --> 10.133.238.4/22;tcp, If: ge-0/0/0.0, Pkts: 1, Bytes: 60
Out: 2.2.2.2/22 --> 1.1.1.2/46760;tcp, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
So when packet go away from srx its source ip address must be 10.31.50.12
As i understand i need something like this "
- Dynamic NAT (IP masquerading)--Maps outgoing private IP addresses to the Firebox's external IP address, meaning outgoing source IP addresses are translated into the IP address of the box's External interface. Incoming packets are translated from the
- External interface's IP address into the appropriate private IP address.
" -this is from http://www.watchguard.com/
Please any question if needed.
