SRX

 View Only
last person joined: 13 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  public ip behind srx320

    Posted 10-14-2020 05:01

    Hi there,

     

    I need to assign a public ip to a server. I have a /29 public range and use NAT for other server but this one must be accessed by public ip address without NAT, in a internal/trust zone from untrst/external zone. How do i set it up? is it possible?

     

    Thank you.

     

    /Carsten



  • 2.  Re: public ip behind srx320
    Best Answer

    Posted 10-14-2020 05:57

    Hi Carsten,

     

    it's definitely possible to do so - but you cannot have the same public range on multiple interfaces so to accomplish this you need either an extra /30 or get your existing /29 divided into two /30's.

     

    The you can create an interface with the public prefix and assign either to the existing trust zone or create a new (dmz?) zone.

    Possibly a new zone is easier to avoid colliding with existing NAT rules.

     

    You will either way also need your ISP to route the public prefix to the WAN ip of your SRX320 to ensure routing is done correctly.

     

    I hope this brings you a bit closer to a solution. Let us know if you need more input.



  • 3.  Re: public ip behind srx320

    Posted 10-14-2020 07:43

    Hi Jonas,

     

    Thank you very much helping here. One last question, is it possible to assign public ip range to IRB and nat to private addresses. I did try to find articles about it but i didn't succeed on this yet. I'll try your first solution soon. Thank you again.



  • 4.  Re: public ip behind srx320

    Posted 10-14-2020 07:48

    Hi Carsten,

     

    yeah you can easily do the same with an irb interface as you would with a physical one. It can be both public and internal addresses, all NAT types works the same and proxy-arp can also be done.



  • 5.  RE: Re: public ip behind srx320

    Posted 12-21-2020 08:09

    Hi Jonas,

    So now i've got a new /28 > split it up to 2 x /29,  on 2 different interfaces.

    I got internet connection egress and NAT to private ip ingress on one.

    But only internet connection egress on the other.

    If i would like to STATIC NAT to a public address on the private side on the firewall, then should I just setup static nat with:

    destination address = public ip, prefix = public ip? and then firewall rules.

    And should i setup proxy arp?

    Thank you.




  • 6.  RE: Re: public ip behind srx320

    Posted 01-19-2021 04:55
    Just wanted to let you know i got to work. Thanl you.