SRX Services Gateway

Source NAT based on not equal to destinations

‎08-18-2015 08:52 AM
Hello!

Can you apply source NAT based on if the traffic is not equal to another few destinations? Basically, I want a few network ranges to go down a tunnel interface and not be source NAT'ed, but the rest of the traffic I would like to go down the default route and be source NAT'ed with the egress interface on the firewall.

Not sure if this is possible or how to go about it!

Many thanks,
Nick
Solution
Accepted by topic author Gunner247
‎08-26-2015 01:27 AM

Re: Source NAT based on not equal to destinations

‎08-18-2015 01:24 PM

Hi,

Yes you can do what you are asking.

security {
    nat {
        source {
            rule-set internet {
                from zone inside;
                to zone outside;
                rule no-nat {
                    match {
                        source-address [ 192.168.1.0/24 192.168.2.0/24 ];
                        destination-address [ 100.1.1.1/32 90.1.1.1/24 ];
                    }
                    then {
                        source-nat {
                            off;
                        }
                    }
                }
                rule nat {
                    match {
                        source-address [ 192.168.1.0/24 192.168.2.0/24 ];
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
}

 

Tim
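
How the rule-set in the answer above is evaluated, as an added example that is not part of the original post: Junos checks the rules of a source NAT rule-set in order and applies the first match, so `no-nat` has to sit above `nat`. The Python model below is a simplified illustration (the function names `evaluate` and `shadowed` are hypothetical and the test addresses are constructed); it shows the outcome for three flows and what changes if the two rules are reversed.

```python
# Added illustration: a minimal model of first-match evaluation, not Junos code.
from ipaddress import ip_address, ip_network

INSIDE = ["192.168.1.0/24", "192.168.2.0/24"]

# Rules of rule-set "internet" from the post, in configured order.
# dst=None means the rule has no destination-address match (any destination).
RULES = [
    {"name": "no-nat", "src": INSIDE,
     "dst": ["100.1.1.1/32", "90.1.1.1/24"], "action": "off"},
    {"name": "nat", "src": INSIDE, "dst": None, "action": "interface"},
]

def _in_any(addr, prefixes):
    # strict=False accepts prefixes written with host bits set (90.1.1.1/24).
    return any(ip_address(addr) in ip_network(p, strict=False) for p in prefixes)

def evaluate(rules, src, dst):
    """Return (rule name, action) of the first matching rule."""
    for rule in rules:
        if not _in_any(src, rule["src"]):
            continue
        if rule["dst"] is not None and not _in_any(dst, rule["dst"]):
            continue
        return rule["name"], rule["action"]
    return None, "no-translation"  # no rule matched: source left unchanged

def shadowed(rules):
    """Rules that can never match because an earlier rule with the same
    source prefixes and no destination restriction catches the traffic first.
    Simplified: compares prefix strings, not overlapping ranges."""
    hidden = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["dst"] is None and set(rule["src"]) <= set(earlier["src"]):
                hidden.append(rule["name"])
                break
    return hidden

if __name__ == "__main__":
    flows = [("192.168.1.10", "100.1.1.1"),    # tunnel destination
             ("192.168.2.20", "90.1.1.77"),    # tunnel destination
             ("192.168.1.10", "203.0.113.5")]  # everything else (constructed)
    for src, dst in flows:
        print(src, "->", dst, evaluate(RULES, src, dst))
    print("shadowed when reversed:", shadowed(list(reversed(RULES))))
```

With the rules reversed, the tunnel destinations hit `nat` first and are translated to the egress interface address, which is the failure to look for if tunnel traffic arrives with the wrong source.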

 

Re: Source NAT based on not equal to destinations

‎08-19-2015 02:23 AM
Works perfectly, many thanks!!