[SRX] Static subnet to subnet NAT
Configuration:
NAT:
set security nat static rule-set StaticNAT from zone untrust
set security nat static rule-set StaticNAT rule StNAT match source-address 192.168.0.109/32
set security nat static rule-set StaticNAT rule StNAT match destination-address 3.3.3.0/24
set security nat static rule-set StaticNAT rule StNAT then static-nat prefix 11.11.11.0/24
set security nat static rule-set StaticNAT rule StNAT then static-nat prefix routing-instance untrust
set security nat static rule-set StaticNAT rule StNAT match source-address 192.168.0.109/32
set security nat static rule-set StaticNAT rule StNAT match destination-address 3.3.3.0/24
set security nat static rule-set StaticNAT rule StNAT then static-nat prefix 11.11.11.0/24
set security nat static rule-set StaticNAT rule StNAT then static-nat prefix routing-instance untrust
Security Policy (untrust to untrust):
set security policies from-zone untrust to-zone untrust policy allow match source-address any
set security policies from-zone untrust to-zone untrust policy allow match destination-address any
set security policies from-zone untrust to-zone untrust policy allow match application junos-icmp-all
set security policies from-zone untrust to-zone untrust policy allow then permit
set security policies from-zone untrust to-zone untrust policy allow match source-address any
set security policies from-zone untrust to-zone untrust policy allow match destination-address any
set security policies from-zone untrust to-zone untrust policy allow match application junos-icmp-all
set security policies from-zone untrust to-zone untrust policy allow then permit
Proxy ARP for the external pool:
set security nat proxy-arp interface ge-0/0/0.0 address 3.3.3.1/32 to 3.3.3.254/32
Comments
Post a Comment