I'm trying to configure source NAT on an SRX300 from zone trust to zone internet, but I have a problem.
The internet zone has two addresses (primary and secondary) on ge-0/0/0.0.
One address is a public static IP X.X.X.X/30, the other one is private 172.16.50.2/28, both from the ISP.
The trust zone is on ge-0/0/1.0 and its address is 10.0.0.1/24.
How do I configure source NAT for internet to the public IP and source NAT to the private IP?
I tried with a trust-to-internet rule set with rules private_nat and public_nat, where:
private_nat: source address (0.0.0.0/0) to destination address (172.16.50.0/24) with pool_private (172.16.50.2/32)
public_nat: source address (0.0.0.0/0) to destination address (0.0.0.0/0) with pool_public (X.X.X.X/32)
When both rules are there, only internet is working.
When I set source NAT to interface there is no internet; I can ping 172.16.50.0/24 because address 172.16.50.2 is lower than X.X.X.X.
Please help, and sorry for my English. Thank you.
Can you confirm the order of the nat rules when both are in place?
They will be processed in order.
show security nat source
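
The rule ordering the reply asks about, written out as an added example (not configuration posted by anyone in the thread): the specific private_nat rule sits ahead of the catch-all public_nat rule so that traffic to the ISP's private range is matched first. The rule-set name `trust-to-internet` is an assumption, and X.X.X.X is the thread's own placeholder for the public address.

```junos
# Added example; rule-set name trust-to-internet is assumed, not from the thread.
# Pools use the two addresses described in the question.
set security nat source pool pool_private address 172.16.50.2/32
set security nat source pool pool_public address X.X.X.X/32

set security nat source rule-set trust-to-internet from zone trust
set security nat source rule-set trust-to-internet to zone internet

# Specific rule first: destinations in the ISP private range use pool_private.
set security nat source rule-set trust-to-internet rule private_nat match source-address 0.0.0.0/0
set security nat source rule-set trust-to-internet rule private_nat match destination-address 172.16.50.0/24
set security nat source rule-set trust-to-internet rule private_nat then source-nat pool pool_private

# Catch-all second: everything else uses pool_public.
set security nat source rule-set trust-to-internet rule public_nat match source-address 0.0.0.0/0
set security nat source rule-set trust-to-internet rule public_nat match destination-address 0.0.0.0/0
set security nat source rule-set trust-to-internet rule public_nat then source-nat pool pool_public

# Rules are evaluated top down, first match wins. If public_nat was created
# first, it matches every destination and private_nat is never reached;
# this moves private_nat ahead of it without deleting either rule.
insert security nat source rule-set trust-to-internet rule private_nat before rule public_nat
```

After commit, the operational command `show security nat source rule all` lists the rules in evaluation order with per-rule hit counts, which shows whether private_nat is being matched at all.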