SRX Services Gateway

Problem with traffic from trusted to dmz (public ip, not nat-ed ip)

‎10-16-2013 04:12 AM

I have a problem when I try to access a server which is in the DMZ network of my firewall: the traffic does not come through, but when going against the NAT-ed address it works just fine.

This works:
10.1.10.5 (trusted) -> 10.2.10.5 (DMZ)

This does not:
10.1.10.5 (trusted) -> 13.13.13.15 (DMZ)

I have an SRX650 cluster running version 11.4R9.4.

What could be the problem?

1 REPLY

Re: Problem with traffic from trusted to dmz (public ip, not nat-ed ip)

‎10-16-2013 03:47 PM

Try this:

Local traffic is not evaluated for NAT. Do you have a layer 2 device in the mix? If a switch is in the mix, then a source NAT rule for the local host to create a reverse NAT from the destination host would be the solution.
Add a NAT rule set so that local traffic is evaluated for NAT:

[edit security nat destination]
huser@srx650# show
pool dmz-Server {
    /* translated-to address: the real address of the DMZ server */
    address 10.2.10.5/32;
}
rule-set To-dmz-Server {
    from zone trust;
    rule to-dmz-Server1 {
        match {
            source-address 10.1.10.0/24;
            destination-address 13.13.13.15/32;
            /* <##> is a placeholder port number; omit destination-port to match any port */
            destination-port <##>;
        }
        then {
            destination-nat pool dmz-Server;
        }
    }
}

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit.]
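The destination NAT rule-set in the reply only translates the address; on an SRX the security policy lookup runs after destination NAT, so a trust-to-dmz policy must also permit traffic to the translated (real) server address, or the flow is dropped even though the NAT rule shows hits. The following is an added example, not the original poster's or Juniper's configuration, showing both pieces together in `set` form. The addresses come from the question (clients 10.1.10.0/24, DMZ server 10.2.10.5 reachable publicly as 13.13.13.15); the zone name `dmz`, the address-book entries, the policy name and the `junos-http` application are assumptions to adjust for the real deployment.

```junos
# Added example (not from the original post). Assumed names: zone "dmz",
# address-book entries "trust-lan" / "dmz-server-real", policy
# "trust-to-dmz-server", application junos-http. Paste in configuration mode.

# 1. Destination NAT for traffic that ENTERS from zone trust.
#    The pool holds the real (post-translation) address of the server,
#    not the public address that the rule matches on.
set security nat destination pool dmz-Server address 10.2.10.5/32
set security nat destination rule-set To-dmz-Server from zone trust
set security nat destination rule-set To-dmz-Server rule to-dmz-Server1 match source-address 10.1.10.0/24
set security nat destination rule-set To-dmz-Server rule to-dmz-Server1 match destination-address 13.13.13.15/32
set security nat destination rule-set To-dmz-Server rule to-dmz-Server1 then destination-nat pool dmz-Server

# 2. Security policy. Policy lookup happens AFTER destination NAT, so the
#    destination here is the translated address 10.2.10.5, not 13.13.13.15.
#    Restrict the application to what the server actually offers and log
#    sessions so hits (and drops) are visible in the traffic log.
set security zones security-zone trust address-book address trust-lan 10.1.10.0/24
set security zones security-zone dmz address-book address dmz-server-real 10.2.10.5/32
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server match source-address trust-lan
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server match destination-address dmz-server-real
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server match application junos-http
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server then permit
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server then log session-init session-close

# 3. Verify after commit: the rule should show translation hits, and the
#    session should list 13.13.13.15 translated to 10.2.10.5 under the
#    trust-to-dmz-server policy.
run show security nat destination rule all
run show security flow session destination-prefix 10.2.10.5
```

Because the client sits in zone trust and the server in zone dmz, the server's reply to 10.1.10.5 already returns through the SRX, so no source NAT is needed for this case; the source NAT reverse-translation the reply mentions only becomes necessary when client and server share a subnet behind a layer-2 switch and the server would otherwise answer the client directly, bypassing the firewall's session table.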