SRX Services Gateway

SRX300 NAT with multiple WAN interfaces

‎10-06-2019 05:18 PM

I just switched ISPs and I'm getting 5 IPs. Unfortunately the ISP doesn't give true static IP options; they use DHCP static binding to serve static IPs. In order to utilize all the IPs, I have to configure 5 interfaces, each with the DHCP option, in the untrust zone. All 5 IPs are in the same /24 subnet.

 

I'm wondering if this is possible.

I want to use

- ge0/0/0 for source nat internet access only -done already

- ge0/0/1 for trust zone - done already

- ge0/0/2 for dmz - done already

- ge0/0/3 for server destination nat - I'm having trouble getting this done.

 

Thanks a lot

 

Chris

 


Re: SRX300 NAT with multiple WAN interfaces

‎10-08-2019 10:30 AM

Hi Chris,

 

I believe you're worried about the IP address changing once in a while, and about having to reconfigure the destination-address match condition every time the IP address changes. Am I right?

 

If that's the case, then I would suggest you match the destination-address as 0.0.0.0/0.

 

(e.g.) set security nat destination rule-set RS1 rule R1 match destination-address 0.0.0.0/0

 

Also, I have Dynamic DNS in mind as a workaround for the periodic change of IP address; however, I didn't have a chance to check the behaviour.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
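
An added example, not part of the reply above and not Juniper's own configuration: the wildcard match from the reply, scoped so that it only translates HTTPS arriving on one DHCP-addressed interface. RS1 and R1 come from the reply; the interface unit ge-0/0/3.0 (Junos spelling of the thread's ge0/0/3), the server address 10.0.2.10, and the pool, address-book and policy names are assumptions, and lines starting with # are annotations.

```junos
# Constructed values: 10.0.2.10 is a placeholder DMZ server;
# WEB-POOL, WEB-SRV and allow-https are illustrative names.

# Translation target: the internal server and the port it listens on.
set security nat destination pool WEB-POOL address 10.0.2.10/32 port 443

# Bind the rule-set to the single WAN interface that holds the DHCP lease,
# so the wildcard below never applies to traffic entering anywhere else.
set security nat destination rule-set RS1 from interface ge-0/0/3.0

# Wildcard destination as suggested in the reply: survives a lease change
# because no public address is hard-coded.
set security nat destination rule-set RS1 rule R1 match destination-address 0.0.0.0/0
# Narrow the wildcard to the one published service.
set security nat destination rule-set RS1 rule R1 match destination-port 443
set security nat destination rule-set RS1 rule R1 then destination-nat pool WEB-POOL

# Security policy is evaluated after destination NAT, so it matches the
# translated (internal) address, not the public one.
set security address-book global address WEB-SRV 10.0.2.10/32
set security policies from-zone untrust to-zone dmz policy allow-https match source-address any
set security policies from-zone untrust to-zone dmz policy allow-https match destination-address WEB-SRV
set security policies from-zone untrust to-zone dmz policy allow-https match application junos-https
set security policies from-zone untrust to-zone dmz policy allow-https then permit
set security policies from-zone untrust to-zone dmz policy allow-https then log session-init
```

Without the `from interface` and `destination-port` lines, a 0.0.0.0/0 match translates every inbound flow that RS1 evaluates, so the scoping and the explicit policy are what keep the exposure limited to the one service.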

Re: SRX300 NAT with multiple WAN interfaces

‎10-08-2019 10:53 AM
Thanks.



My ISP blocks some ports like http/https/smtp. The only way those ports are opened is if the IP is static. However, they don't assign static IPs in the proper way; instead, they use MAC binding to assign static IPs through DHCP.



That means I need 5 MAC addresses to get 5 IPs, and I can't use IP aliases to assign the IPs to the same interface. For instance, I will have to use ge0/0/0 - ge0/0/4 to get 5 IPs and assign them in the same trust zone. The problem is the 5 IPs are in the same subnet.



I don't think it's going to work but just want to see if there is any workaround.

Basically I want to use

- ge0/0/0 for source nat for internet connection

- ge0/0/1-ge0/0/4 for server destination/static nat.



Thanks



Chris