SRX Services Gateway

NAT verification on SRX

‎07-18-2011 12:39 PM

Hi All,

Could anyone explain the output below for me regarding source NAT?

Session ID: 5500, Policy name: default-permit/17, Timeout: 1770
  In: 192.168.12.19/2183 --> 83.111.54.148/443;tcp, If: ge-0/0/3.0
  Out: 83.111.54.148/443 --> 94.200.74.132/23199;tcp, If: ge-0/0/8.0

The IN line I can understand: the packet is coming from 192.168.12.19 to destination 83.111.54.148 on interface ge-0/0/3 (which is the Trust interface). But the second line, OUT, I cannot understand: is it AFTER THE SOURCE TRANSLATION or WHAT?

Thanks


Re: NAT verification on SRX

‎07-18-2011 12:45 PM

The return flow will be "from" the external (original destination address) of 83.111.54.148 and will be destined to the NAT address of 94.200.74.132 - so yes, the second line represents the address post NAT translation. Very good tool to validate the NAT setup.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
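
Added example (not part of the original posts): a small parser that reads flow session output in the format quoted in the question and reports source or destination NAT by comparing the In line with the reversed Out line, as the reply describes. Session 5501 and the function names are constructed for illustration.

```python
import re

# Constructed sample: session 5500 is the one from the question,
# session 5501 is a made-up session with no translation for contrast.
SAMPLE = """\
Session ID: 5500, Policy name: default-permit/17, Timeout: 1770
  In: 192.168.12.19/2183 --> 83.111.54.148/443;tcp, If: ge-0/0/3.0
  Out: 83.111.54.148/443 --> 94.200.74.132/23199;tcp, If: ge-0/0/8.0
Session ID: 5501, Policy name: default-permit/17, Timeout: 1790
  In: 192.168.12.20/40000 --> 83.111.54.148/80;tcp, If: ge-0/0/3.0
  Out: 83.111.54.148/80 --> 192.168.12.20/40000;tcp, If: ge-0/0/8.0
"""

SESSION_RE = re.compile(r"^Session ID:\s*(\d+),")
FLOW_RE = re.compile(
    r"^\s*(In|Out):\s*(\S+?)/(\d+)\s*-->\s*(\S+?)/(\d+);(\w+),\s*If:\s*(\S+)")

def parse_sessions(text):
    """Return {session_id: {"In": flow, "Out": flow}} from session output."""
    sessions, current = {}, None
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m:
            current = sessions.setdefault(int(m.group(1)), {})
            continue
        m = FLOW_RE.match(line)
        if m and current is not None:
            wing, src, sport, dst, dport, proto, ifname = m.groups()
            current[wing] = {"src": (src, int(sport)), "dst": (dst, int(dport)),
                             "proto": proto, "if": ifname}
    return sessions

def nat_summary(session):
    """Compare the In line with the reversed Out line to expose translations."""
    if "In" not in session or "Out" not in session:
        return None  # incomplete session entry, nothing to compare
    fwd, rev = session["In"], session["Out"]
    return {
        # Return traffic is addressed to the translated source (source NAT).
        "source_nat": None if rev["dst"] == fwd["src"] else (fwd["src"], rev["dst"]),
        # Return traffic comes from the real destination (destination NAT).
        "destination_nat": None if rev["src"] == fwd["dst"] else (fwd["dst"], rev["src"]),
    }

if __name__ == "__main__":
    for sid, sess in parse_sessions(SAMPLE).items():
        print(sid, nat_summary(sess))
```
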