SRX Services Gateway

SRX as replacement edge router + firewall

‎01-25-2010 07:31 PM

Hello - I'm new to the Juniper world, so please bear with me.

 

I have an edge router and a firewall - I'd like to replace both with my shiny new SRX650. Basically what I want is 3 interfaces:

 

ge-0/0/9: management interface

ge-0/0/1: /30 address (uplink to ISP)

ge-0/0/2: /24 address (DMZ private IP space)

ge-0/0/3: /16 address (my internal network)

 

Now, I also have a /27 public address block... being that I don't have any additional interfaces to assign this to, can I assign it to loopback interfaces, and NAT the loopback with servers on ge-0/0/2? A primer config would be extremely helpful.

 

Thank you in advance.

4 REPLIES

Re: SRX as replacement edge router + firewall

‎01-26-2010 02:42 PM

You can use the /27 on the ge-0/0/1 in static or destination nat rules to the servers, no need for the loopback!

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Re: SRX as replacement edge router + firewall

‎01-26-2010 04:34 PM

Thanks Screenie, but ge-0/0/1 already has my /30 address to route with my ISP... how would you suggest I assign /27 to that as well?


Re: SRX as replacement edge router + firewall

‎01-27-2010 01:09 AM

Your next-hop router on the ge-0/0/1 interface needs to route your /27 IP range to the /30 IP address of your firewall.  Then you can just use these addresses in your NAT configuration.
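
A primer configuration for the approach described in this reply, as an added example that is not part of the original post: the /27 is never assigned to an interface and appears only in static NAT rules. All addresses are constructed documentation-range values, and the zone names (`untrust`, `dmz`), rule and policy names, and the server address are assumptions.

```junos
# Constructed addresses (RFC 5737 documentation ranges), not from the thread:
#   uplink /30   198.51.100.0/30   (ISP = .1, SRX = .2)
#   routed /27   203.0.113.32/27   (ISP routes it to 198.51.100.2)
#   DMZ /24      192.168.10.0/24
# Zone names, rule-set/rule names and policy names are assumptions.

set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.2/30
set interfaces ge-0/0/2 unit 0 family inet address 192.168.10.1/24
set security zones security-zone untrust interfaces ge-0/0/1.0
set security zones security-zone dmz interfaces ge-0/0/2.0

set routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
# Drop traffic to /27 addresses that have no NAT mapping instead of letting
# it follow the default route back to the ISP. Static NAT rewrites the
# destination before the route lookup, so mapped addresses are unaffected.
set routing-options static route 203.0.113.32/27 discard

# The /27 is not on any interface. No proxy-arp is configured because the
# ISP router forwards the block to 198.51.100.2 as a next hop rather than
# ARPing for the individual addresses on the /30 link.
set security nat static rule-set public-to-dmz from zone untrust
set security nat static rule-set public-to-dmz rule web1 match destination-address 203.0.113.35/32
set security nat static rule-set public-to-dmz rule web1 then static-nat prefix 192.168.10.10/32

# Policy lookup happens after destination translation, so the policy
# matches the server's real (private) address, not the public one.
# Zone-attached address book shown; releases with a global address book
# would define the entry there instead.
set security zones security-zone dmz address-book address web1-real 192.168.10.10/32
set security policies from-zone untrust to-zone dmz policy allow-web1 match source-address any
set security policies from-zone untrust to-zone dmz policy allow-web1 match destination-address web1-real
set security policies from-zone untrust to-zone dmz policy allow-web1 match application junos-https
set security policies from-zone untrust to-zone dmz policy allow-web1 then permit
```

Limiting the policy to the one application each server actually publishes keeps the static mapping from exposing every port on the DMZ host.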


Re: SRX as replacement edge router + firewall

‎01-29-2010 11:19 AM

Exactly, that's how it's done! Thanks, Sloefke.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI
