show interfaces terse | no-more Interface Admin Link Proto Local Remote ge-0/0/0 up up ge-0/0/0.0 up up inet 192.168.0.202/24 gr-0/0/0 up up ip-0/0/0 up up lsq-0/0/0 up up lt-0/0/0 up up mt-0/0/0 up up sp-0/0/0 up up sp-0/0/0.0 up up inet inet6 sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16 10.0.0.6 --> 0/0 128.0.0.1 --> 128.0.1.16 128.0.0.6 --> 0/0 ge-0/0/1 up up ge-0/0/1.0 up up inet 192.168.10.1/24 ge-0/0/2 up down ge-0/0/2.0 up down eth-switch ge-0/0/3 up down ge-0/0/3.0 up down eth-switch ge-0/0/4 up down ge-0/0/4.0 up down eth-switch ge-0/0/5 up down ge-0/0/5.0 up down eth-switch ge-0/0/6 up down ge-0/0/6.0 up down inet 212.20.228.2/30 ge-0/0/7 up down ge-0/0/7.0 up down inet dl0 up up dl0.0 up up inet inet6 fe80::f6cc:550f:fc2e:3a00/64 esi up up fti0 up up fxp2 up up fxp2.0 up up tnp 0x1 gre up up ipip up up irb up up irb.0 up down inet 192.168.1.1/24 jsrv up up jsrv.1 up up inet 128.0.0.127/2 lo0 up up lo0.0 up up inet 1.1.1.1/24 lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet 10.0.0.1 --> 0/0 10.0.0.16 --> 0/0 128.0.0.1 --> 0/0 128.0.0.4 --> 0/0 128.0.1.16 --> 0/0 lo0.32768 up up lsi up up mtun up up pimd up up pime up up pp0 up up ppd0 up up ppe0 up up rbeb up up st0 up up tap up up vtep up up john@JohnSRX> ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=58 time=21.157 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=20.135 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=18.700 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=19.961 ms ^C --- 8.8.8.8 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 18.700/19.988/21.157/0.873 ms john@JohnSRX> john@JohnSRX> ping 8.8.8.8 source 192.168.10.1 PING 8.8.8.8 (8.8.8.8): 56 data bytes ^C --- 8.8.8.8 ping statistics --- 5 packets transmitted, 0 packets received, 100% packet loss john@JohnSRX> #Laptop on 192.168.10.2 can ping 8.8.8.8 successfully john@JohnSRX> ping 18 92.168.10.2 PING 192.168.10.2 (192.168.10.2): 56 data bytes 64 bytes from 192.168.10.2: icmp_seq=0 ttl=128 time=11.170 ms 64 bytes from 192.168.10.2: icmp_seq=1 ttl=128 time=1.708 ms 64 bytes from 192.168.10.2: icmp_seq=2 ttl=128 time=23.544 ms ^C --- 192.168.10.2 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.708/12.141/23.544/8.941 ms john@JohnSRX> show route inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Static/5] 00:04:01 > to 192.168.0.1 via ge-0/0/0.0 1.1.1.0/24 *[Direct/0] 00:30:52 > via lo0.0 1.1.1.1/32 *[Local/0] 00:30:52 Local via lo0.0 192.168.0.0/24 *[Direct/0] 00:04:01 > via ge-0/0/0.0 192.168.0.202/32 *[Local/0] 00:04:01 Local via ge-0/0/0.0 192.168.1.1/32 *[Local/0] 00:30:21 Reject 192.168.10.0/24 *[Direct/0] 00:09:43 > via ge-0/0/1.0 192.168.10.1/32 *[Local/0] 00:09:43 Local via ge-0/0/1.0 212.20.228.2/32 *[Local/0] 00:30:02 Reject 224.0.0.5/32 *[OSPF/10] 00:31:00, metric 1 ---(more)--- MultiRecv inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both fe80::f6cc:550f:fc2e:3a00/128 *[Local/0] 00:30:18 Local via dl0.0 ff02::2/128 *[INET6/0] 00:30:58 MultiRecv john@JohnSRX> show security nat source rule all Total rules: 1 Total referenced IPv4/IPv6 ip-prefixes: 2/0 source NAT rule: NAT-RULE Rule-set: NAT-RULE Rule-Id : 1 Rule position : 1 From zone : trust To zone : trust Match Source addresses : 192.168.10.0 - 192.168.10.255 Destination addresses : 0.0.0.0 - 255.255.255.255 Action : interface Persistent NAT type : N/A Persistent NAT mapping type : address-port-mapping Inactivity timeout : 0 Max session number : 0 Translation hits : 9 Successful sessions : 9 Failed sessions : 0 Number of sessions : 0 john@JohnSRX> show configuration | no-more ## Last commit: 2022-10-09 13:37:12 UTC by john version 19.4R3-S1.3; groups { global { security { policies { default-policy { permit-all; } } } } } apply-groups global; system { host-name JohnSRX; root-authentication { encrypted-password "$6$V4x9AJKQ$0H0Axb32I9Q6vd7IyWbGVysAzHMxkSykWjDzFerr/BOJle/h3Sfqi8MJg0w5eroELt..YA1V1dInjMyZc3nO/0"; ## SECRET-DATA } login { user john { uid 2000; class super-user; authentication { encrypted-password "$6$HiBfAxz.$U6wi4mOcPsPJmQ8NlJdG3i2Uv6jXrtCbj/PJSYTK/JBKFvSiskirpPV5MKq9L8VwmutU1kdmxSXPOU.kjQEo30"; ## SECRET-DATA } } } services { ssh { root-login allow; } netconf { ssh; } dhcp-local-server { group jdhcp-group { interface irb.0; } } web-management { http { interface [ vlan.0 ge-0/0/0.0 ]; } https { system-generated-certificate; interface [ vlan.0 ge-0/0/0.0 ]; } } } time-zone Gmt; name-server { 8.8.8.8; 8.8.4.4; } syslog { archive size 100k files 3; user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } phone-home { server https://redirect.juniper.net; rfc-compliant; } } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } } } nat { source { rule-set NAT-RULE { from zone trust; to zone trust; rule NAT-RULE { match { source-address 192.168.10.0/24; destination-address 0.0.0.0/0; } then { source-nat { interface; } } } } } } policies; zones { security-zone trust { address-book { address network_100 192.168.10.0/24; } host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { irb.0; ge-0/0/6.0 { host-inbound-traffic { system-services { all; } } } ge-0/0/1.0; lo0.0; ge-0/0/0.0; } } security-zone untrust { screen untrust-screen; interfaces { ge-0/0/7.0 { host-inbound-traffic { system-services { dhcp; tftp; } } } dl0.0 { host-inbound-traffic { system-services { tftp; } } } } } } } interfaces { interface-range interfaces-trust { member ge-0/0/6; } ge-0/0/0 { unit 0 { description " Connection to Home Network"; family inet { address 192.168.0.202/24; } } } ge-0/0/1 { unit 0 { family inet { address 192.168.10.1/24; } } } ge-0/0/2 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/3 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/4 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/5 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } ge-0/0/6 { description "Link tp Cisco router"; unit 0 { description "Link to Cisco Router"; family inet { address 212.20.228.2/30; } } } ge-0/0/7 { unit 0 { family inet { dhcp { vendor-id Juniper-srx320; } } } } cl-1/0/0 { dialer-options { pool 1 priority 100; } } dl0 { unit 0 { family inet { negotiate-address; } family inet6 { negotiate-address; } dialer-options { pool 1; dial-string 1234; always-on; } } } irb { unit 0 { family inet { address 192.168.1.1/24; } } } lo0 { unit 0 { family inet { address 1.1.1.1/24; } } } } access { address-assignment { pool junosDHCPPool { family inet { network 192.168.1.0/24; range junosRange { low 192.168.1.2; high 192.168.1.254; } dhcp-attributes { router { 192.168.1.1; } propagate-settings ge-0/0/0.0; } } } } } vlans { vlan-trust { vlan-id 3; l3-interface irb.0; } } protocols { ospf { area 0.0.0.1 { interface ge-0/0/6.0; interface ge-0/0/0.0 { passive; } interface ge-0/0/5.0 { passive; } interface lo0.16385 { passive; } interface ge-0/0/1.0 { passive; } interface lo0.0; } } l2-learning { global-mode switching; } rstp { interface all; } } routing-options { static { route 0.0.0.0/0 next-hop [ 192.168.0.1 192.168.0.202 ]; } } john@JohnSRX> configure Entering configuration mode [edit] john@JohnSRX# show nat ^ syntax error. [edit] john@JohnSRX# show ? Possible completions: <[Enter]> Execute this command > access Network access configuration > access-profile Access profile for this instance > accounting-options Accounting data configuration > applications Define applications by protocol characteristics + apply-groups Groups from which to inherit configuration data > chassis Chassis configuration > class-of-service Class-of-service configuration > event-options Event processing configuration > firewall Define a firewall configuration > forwarding-options Configure options to control packet forwarding > groups Configuration groups > interfaces Interface configuration > policy-options Policy option configuration > protocols Routing protocol configuration > routing-instances Routing instance configuration > routing-options Protocol-independent routing option configuration > schedulers Security scheduler > security Security configuration > services Set services parameters > session-limit-group Session-limit-group configuration > smtp Simple Mail Transfer Protocol service configuration ---(more 79%)--- > snmp Simple Network Management Protocol configuration > switch-options Options for default routing-instance of type virtual-switch > system System parameters > vlans VLAN configuration > wlan Wireless access point configuration | Pipe through a command [edit] john@JohnSRX# show exit Exiting configuration mode john@JohnSRX> configure Entering configuration mode [edit] john@JohnSRX# show security nat source { rule-set NAT-RULE { from zone trust; to zone trust; rule NAT-RULE { match { source-address 192.168.10.0/24; destination-address 0.0.0.0/0; } then { source-nat { interface; } } } } } [edit] john@JohnSRX# als ^ unknown command. john@JohnSRX# als exit Exiting configuration mode john@JohnSRX> john@JohnSRX> also ^ unknown command. john@JohnSRX> also if ^ unknown command. john@JohnSRX> alsoif no ^ unknown command. john@JohnSRX> alsoifno cable ^ unknown command. john@JohnSRX> alsoifnocable pl # also if no cable in ge-0/0/1 ( 192.168.10.1 ) I get this john@JohnSRX> john@JohnSRX> configure john@JohnSRX> show configuration | no-more john@JohnSRX> show security nat source rule all john@JohnSRX> show route john@JohnSRX> ping 192.168.10.2 john@JohnSRX> ping 8.8.8.8 source 192.168.10.1 john@JohnSRX> ping 8.8.8.8 john@JohnSRX> ping 8.8.8.8 source 192.168.10.1 PING 8.8.8.8 (8.8.8.8): 56 data bytes ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ^C --- 8.8.8.8 ping statistics --- 7 packets transmitted, 0 packets received, 100% packet loss john@JohnSRX>