Screen OS

  • 1.  Nat-src/nat-dst in same time

    Posted 05-23-2008 02:36

    Hi,

    Here is my network.

    My firewall is an SSG 140 running ScreenOS 6.1.0.

    I need to NAT the PC 172.16.13.69 with IP 195.120.222.1 on interface dmz.

    At this time I do this with a policy NAT, but when I try to ping the server 157.23.17.21 my station isn't NATed.

    Please help.



  • 2.  RE: Nat-src/nat-dst in same time

    Posted 05-23-2008 20:05

    Hi Outback,

    Is the NATed IP 195.120.222.1? Because there are no 195.120 ... networks in your scheme! So even if you NAT your IP, you will have routing problems in this case.

     


  • 3.  RE: Nat-src/nat-dst in same time

    Posted 05-26-2008 02:05

    No, I have put the right route on both sides.

    I can make a connection from 157.23.17.21 to 195.120.222.1 (NAT of 172.16.13.69; I use a policy-based NAT).

    But when I make a connection from 172.16.13.69 to 157.23.17.21, I can't be NATed behind the same address because I don't use a MIP.

    As for the MIP, I can't use it because when I try, it says "The mapped ip must be in the same subnet as the interface".



  • 4.  RE: Nat-src/nat-dst in same time

    Posted 05-27-2008 09:26

    Hi Outback,

    Put your interface in the "untrust" zone instead of the "DMZ" zone.

    You will no longer get the "The mapped ip must be in the same subnet as the interface" error message.

    You will then have to re-set all your security policies.



  • 5.  RE: Nat-src/nat-dst in same time
    Best Answer

    Posted 05-27-2008 09:48

    I have the solution.

    Enter the MIP in the CLI and it's OK.

    Thanks for the help.
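An added example, not posted by anyone in the thread, of what the accepted fix could look like in the ScreenOS CLI using the addresses from the question. `<dmz-interface>` and `<inside-zone>` are placeholders for names the thread does not give, `trust-vr` is assumed to be the virtual router in use, and the policies allow only PING, the test the original poster describes.

```screenos
set interface <dmz-interface> mip 195.120.222.1 host 172.16.13.69 netmask 255.255.255.255 vrouter trust-vr
set policy from "DMZ" to "<inside-zone>" "Any" "MIP(195.120.222.1)" "PING" permit
set policy from "<inside-zone>" to "DMZ" "Any" "Any" "PING" permit
save
```

A MIP is a one-to-one mapping that applies in both directions, so the same definition covers connections to 195.120.222.1 and connections that 172.16.13.69 opens itself; the existing policy-based NAT rule for this host would no longer be needed.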