SRX Services Gateway
Highlighted
SRX Services Gateway

Services > Nat > Rule?

[ Edited ]
‎02-27-2019 07:03 AM

I'm trying to follow the docs here and here.  Both reference a `rule` directly below the Services/Nat context

[edit services nat]
rule rule-name {
[edit services nat]
user@host# set rule rule-dnat44 match-direction input term t1 from destination-address 20.20.20.20

 

However, when I try to apply a similar config on my srx240, I get a warning:

The configuration could not be un-locked.

Error(s): 
1) syntax error
2) error recovery ignores input until this point

Warning(s): 
1) rule
2) }

 

Here is the entire `services` section of my config:

services {
  flow-monitoring {
    version9 {
      template IPv4Test {
        ipv4-template;
      }
    }
  }
  application-identification;
  nat {
    rule testRule {
      term testTerm {
        from {
          destination-address <WAN IP>/32;
        }
        then {
          destination-prefix 192.168.1.22/32;
        }
      }
    }
  }
}

 

If I remove the rule it works fine.

2 REPLIES 2
Highlighted
SRX Services Gateway
Solution
Accepted by topic author RoamScott
‎02-27-2019 07:42 AM

Re: Services > Nat > Rule?

‎02-27-2019 07:40 AM

The configuration examples you are referring is for M/MX/T/ACX series devices. Please check platform support in those links.

In SRX nat is configured under "security" stanza. Please refer this KB for more NAT configuration examples.

https://kb.juniper.net/library/CUSTOMERSERVICE/technotes/Junos_NAT_Examples.pdf

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Services > Nat > Rule?

‎02-27-2019 07:42 AM

Ooops!  Thanks.

Feedback