Hi Guys ,
I just joined this company, which has multiple sites: the 2 offices have Juniper SRX110s and the rest have Netcomm routers. Coming from a Cisco background, I'm learning Junos on a per-request basis on our network. We recently had an issue with our phone system between the main office (JuniperSRX110-1) and a remote branch (NetcommNVF4-1), and as our VoIP provider requested, I've added ports to be opened in the destination NAT rules. The problem is that all the NAT rules I've created stay inactive after I commit them. I replicated the config from the other office (SRX110-2), which has no issue with another site (NVF4-2), but still no luck with this. Please share your expertise on this issue. Configs below.
####################################################
nat {
/* Outbound source NAT: traffic from zone trust to zone untrust, from any
   source address (0.0.0.0/0), is translated to the address of the egress
   interface. */
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
/* Destination NAT pools: the internal hosts that the inbound rules in
   rule-set dst-nat translate to. */
destination {
/* pbx: 10.190.1.20 with no port, so only the address is rewritten and the
   original destination port is kept. */
pool pbx {
address 10.190.1.20/32;
}
/* voip_http: 10.190.1.22 with the destination port rewritten to 80. */
pool voip_http {
address 10.190.1.22/32 port 80;
}
/* voip: 10.190.1.22 with no port; the only pool here that names a
   routing-instance (default). */
pool voip {
routing-instance {
default;
}
address 10.190.1.22/32;
}
/* pbx-http: 10.190.1.20 with the destination port rewritten to 80. */
pool pbx-http {
address 10.190.1.20/32 port 80;
}
/* Inbound rule-set for traffic arriving from zone untrust. Rules in a
   rule-set are evaluated top to bottom and the first match is used, so the
   order of the rules matters.
   NOTE(review): every rule matches destination-address 0.0.0.0/0 and none
   has a source-address match, so packets from any outside host to these
   ports are translated. Whether they are then forwarded depends on the
   security policies, which are not shown here; confirm that those policies
   (or a source-address match on each rule) limit access to the VoIP
   provider's addresses. */
rule-set dst-nat {
from zone untrust;
/* TCP 13024 -> pool voip_http (10.190.1.22 port 80). This publishes a
   port-80 service on a non-standard outside port; the unusual port number
   is not an access control. */
rule voip-http {
match {
destination-address 0.0.0.0/0;
destination-port {
13024;
}
protocol tcp;
}
then {
destination-nat {
pool {
voip_http;
}
}
}
}
/* Port 1720 -> pool pbx (10.190.1.20). No protocol match is configured.
   1720 is commonly H.323 call signalling. */
rule pbx-1720 {
match {
destination-address 0.0.0.0/0;
destination-port {
1720;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
/* Port 5060 -> pool pbx. No protocol match is configured. 5060 is commonly
   SIP signalling, which is routinely probed when reachable from any source;
   this is the rule where a source restriction matters most. */
rule pbx-5060 {
match {
destination-address 0.0.0.0/0;
destination-port {
5060;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
/* Port 5588 -> pool pbx. No protocol match is configured. */
rule pbx-5588 {
match {
destination-address 0.0.0.0/0;
destination-port {
5588;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
/* The "inactive:" prefix marks a statement that has been deactivated in the
   configuration (Junos "deactivate"). A deactivated statement stays in the
   configuration but is ignored at commit, which is why the rules below are
   absent from "show security nat destination summary" (it reports 7 rules,
   the 7 without the prefix). Seven rules carry the prefix: pbx-6254,
   pbx-7000, pbx-7100, pbx-7300, voip-9000, voip-9100 and voip-9300.
   "activate" on a rule removes the prefix.
   NOTE(review): before re-enabling them, check whether they were disabled
   on purpose in favour of the broader pbx-all / pbx-7000-all rules further
   down, and whether the "inactive:" tag came across with the configuration
   copied from the other SRX. If activated in this position they precede
   pbx-all and would take the match for their port ranges. None of them has
   a protocol or source-address match. */
inactive: rule pbx-6254 {
match {
destination-address 0.0.0.0/0;
destination-port {
6254;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
/* Deactivated: ports 7000-7015 -> pool pbx. */
inactive: rule pbx-7000 {
match {
destination-address 0.0.0.0/0;
destination-port {
7000 to 7015;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
/* Deactivated: ports 7100-7115 -> pool pbx. */
inactive: rule pbx-7100 {
match {
destination-address 0.0.0.0/0;
destination-port {
7100 to 7115;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
/* Deactivated: ports 7300-7315 -> pool pbx. */
inactive: rule pbx-7300 {
match {
destination-address 0.0.0.0/0;
destination-port {
7300 to 7315;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
/* Deactivated: ports 9000-9015 -> pool voip. */
inactive: rule voip-9000 {
match {
destination-address 0.0.0.0/0;
destination-port {
9000 to 9015;
}
}
then {
destination-nat {
pool {
voip;
}
}
}
}
/* Deactivated: ports 9100-9115 -> pool voip. */
inactive: rule voip-9100 {
match {
destination-address 0.0.0.0/0;
destination-port {
9100 to 9115;
}
}
then {
destination-nat {
pool {
voip;
}
}
}
}
/* Deactivated: ports 9300-9315 -> pool voip. */
inactive: rule voip-9300 {
match {
destination-address 0.0.0.0/0;
destination-port {
9300 to 9315;
}
}
then {
destination-nat {
pool {
voip;
}
}
}
}
/* Port 13023 -> pool pbx-http (10.190.1.20 port 80). No protocol or
   source-address match is configured, so the PBX's port-80 service is
   offered to any outside source unless a security policy (not shown)
   narrows it. */
rule pbx-http {
match {
destination-address 0.0.0.0/0;
destination-port {
13023;
}
}
then {
destination-nat {
pool {
pbx-http;
}
}
}
}
/* UDP 6000-9315 (3316 ports) -> pool voip (10.190.1.22).
   NOTE(review): despite the rule name, the pool is voip, not pbx; confirm
   that is intended. The range is far wider than the individual ranges in
   the deactivated rules; narrowing it to the ports the provider actually
   requires reduces what is reachable from untrust. */
rule pbx-all {
match {
destination-address 0.0.0.0/0;
destination-port {
6000 to 9315;
}
protocol udp;
}
then {
destination-nat {
pool {
voip;
}
}
}
}
/* Ports 7000-7315, no protocol match -> pool pbx (10.190.1.20).
   NOTE(review): pbx-all above already matches UDP in this range and is
   evaluated first, so UDP 7000-7315 is sent to pool voip and only non-UDP
   traffic reaches this rule. If the PBX is meant to receive UDP on these
   ports, the rule order or the pbx-all range needs to change. */
rule pbx-7000-all {
match {
destination-address 0.0.0.0/0;
destination-port {
7000 to 7315;
}
}
then {
destination-nat {
pool {
pbx;
}
}
}
}
}
}
}
###########################################################################################
root@> show security nat destination summary
Total pools: 4
Pool name Address Routing Port Total
Range Instance Address
pbx 10.190.1.20 - 10.190.1.20 0 1
voip_http 10.190.1.22 - 10.190.1.22 80 1
voip 10.190.1.22 - 10.190.1.22 default 0 1
pbx-http 10.190.1.20 - 10.190.1.20 80 1
Total rules: 7
Rule name Rule set From Action
voip-http dst-nat untrust voip_http
pbx-1720 dst-nat untrust pbx
pbx-5060 dst-nat untrust pbx
pbx-5588 dst-nat untrust pbx
pbx-http dst-nat untrust pbx-http
pbx-all dst-nat untrust voip
pbx-7000-all dst-nat untrust pbx
##########################################################
These rules are not showing in the NAT destination table:
voip-9300
voip-9100
pbx-7300
pbx-7100
pbx-7000
pbx-6254
Thanks in advance.
MudK