SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 240 hairpin nat not working

    Posted 08-24-2016 01:38

    Hello, I have a problem with hairpin NAT on an SRX 240. I have one hairpin NAT from the same zones and one from different zones. From the same zones NAT is working, but from different zones NAT doesn't work. Policies from the zones are permitted. When I connect to http://195.182.79.134 from the 192.168.68.x subnet, it's not working; when I connect to 192.168.0.157 it works perfectly. When I try to connect to 195.182.79.134, I don't see any sessions on the SRX. On the NS 5GT all policies are permitted and in the logs I see that traffic is sent to the destination, but return traffic is not received.
    No routing instance is configured on the SRX. Routes are good.
    There is the problem



  • 2.  RE: SRX 240 hairpin nat not working

     
    Posted 08-24-2016 01:42

    Please share your configuration to understand the issue in a better way, along with the "show route" output.



  • 3.  RE: SRX 240 hairpin nat not working

    Posted 08-24-2016 02:53

    Here is my show route output. 

     

    inet.0: 57 destinations, 57 routes (57 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0 *[Static/5] 9w5d 00:51:25
    > to 195.182.79.129 via ge-0/0/0.120
    10.20.32.0/24 *[Direct/0] 02:37:44
    > via st0.1
    10.20.32.1/32 *[Local/0] 9w5d 00:55:17
    Local via st0.1
    10.107.81.4/30 *[Direct/0] 9w5d 00:51:25
    > via ge-0/0/0.129
    10.107.81.6/32 *[Local/0] 9w5d 00:51:43
    Local via ge-0/0/0.129
    10.200.1.28/30 *[Direct/0] 02:37:28
    > via st0.0
    10.200.1.30/32 *[Local/0] 9w5d 00:55:18
    Local via st0.0
    10.230.28.0/24 *[Direct/0] 9w5d 00:51:18
    > via vlan.0
    10.230.28.1/32 *[Local/0] 9w5d 00:55:16
    Local via vlan.0
    10.232.254.0/24 *[Static/5] 02:37:27
    > to 10.200.1.29 via st0.0
    10.242.0.0/16 *[Static/5] 9w5d 00:51:25
    > to 10.242.96.81 via ge-0/0/0.121
    10.242.96.80/28 *[Direct/0] 9w5d 00:51:25
    > via ge-0/0/0.121
    10.242.96.82/32 *[Local/0] 9w5d 00:51:44
    Local via ge-0/0/0.121
    10.245.0.0/16 *[Static/5] 9w5d 00:51:25
    > to 10.245.96.113 via ge-0/0/0.122
    10.245.96.112/28 *[Direct/0] 9w5d 00:51:25
    > via ge-0/0/0.122
    10.245.96.114/32 *[Local/0] 9w5d 00:51:43
    Local via ge-0/0/0.122
    10.245.96.128/27 *[Direct/0] 9w5d 00:51:10
    > via ge-0/0/2.0
    10.245.96.129/32 *[Local/0] 9w5d 00:51:43
    Local via ge-0/0/2.0
    10.246.0.0/16 *[Static/5] 02:37:27
    > to 10.200.1.29 via st0.0
    10.246.39.0/28 *[Static/5] 02:37:25
    > to 10.20.32.3 via st0.1
    10.246.39.16/28 *[Static/5] 02:37:15
    > to 10.20.32.9 via st0.1
    10.246.39.32/28 *[Static/5] 02:37:19
    > to 10.20.32.6 via st0.1
    10.246.39.48/28 *[Static/5] 02:37:17
    > to 10.20.32.8 via st0.1
    10.246.39.64/28 *[Static/5] 01:44:59
    > to 10.20.32.7 via st0.1
    10.246.39.80/28 *[Static/5] 02:37:19
    > to 10.20.32.4 via st0.1
    10.246.39.96/28 *[Static/5] 02:37:25
    > to 10.20.32.5 via st0.1
    10.246.39.112/28 *[Static/5] 02:37:22
    > to 10.20.32.2 via st0.1
    10.250.0.0/15 *[Static/5] 9w5d 00:51:25
    > to 10.107.81.5 via ge-0/0/0.129
    10.250.97.0/24 *[Direct/0] 9w5d 00:51:18
    > via vlan.0
    10.250.97.1/32 *[Local/0] 9w5d 00:55:16
    Local via vlan.0
    10.251.97.0/29 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.130 via ge-0/0/2.0
    10.251.97.16/29 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.132 via ge-0/0/2.0
    10.251.97.24/29 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.133 via ge-0/0/2.0
    10.251.97.32/29 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.134 via ge-0/0/2.0
    10.251.97.40/29 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.135 via ge-0/0/2.0
    10.251.97.48/29 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.136 via ge-0/0/2.0
    10.251.97.64/26 *[Direct/0] 9w5d 00:51:18
    > via vlan.0
    10.251.97.65/32 *[Local/0] 9w5d 00:55:16
    Local via vlan.0
    10.251.97.224/28 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.131 via ge-0/0/2.0
    10.251.97.240/28 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.137 via ge-0/0/2.0
    192.168.0.0/24 *[Direct/0] 9w5d 00:51:18
    > via vlan.0
    192.168.0.1/32 *[Local/0] 9w5d 00:55:16
    Local via vlan.0
    192.168.64.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.130 via ge-0/0/2.0
    192.168.65.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.131 via ge-0/0/2.0
    192.168.66.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.132 via ge-0/0/2.0
    192.168.67.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.133 via ge-0/0/2.0
    192.168.68.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.134 via ge-0/0/2.0
    192.168.69.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.135 via ge-0/0/2.0
    192.168.70.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.136 via ge-0/0/2.0
    192.168.71.0/24 *[Static/5] 9w5d 00:51:10
    > to 10.245.96.137 via ge-0/0/2.0
    192.168.101.0/24 *[Static/5] 9w5d 00:51:18
    > to 192.168.0.240 via vlan.0
    193.219.14.96/28 *[Static/5] 9w5d 00:51:26
    > to 10.107.81.5 via ge-0/0/0.129
    195.182.79.128/29 *[Direct/0] 9w5d 00:51:26
    > via ge-0/0/0.120
    195.182.79.130/32 *[Local/0] 9w5d 00:51:45
    Local via ge-0/0/0.120
    195.182.79.131/32 *[Static/1] 9w5d 00:51:43
    Discard
    195.182.79.132/31 *[Static/1] 9w5d 00:51:43
    Discard
    195.182.79.134/32 *[Static/1] 9w5d 00:51:42
    Discard



  • 4.  RE: SRX 240 hairpin nat not working
    Best Answer

    Posted 08-24-2016 05:32

    Problem solved. On the destination NAT, the vpt zone was not permitted.