SRX

Source nat via interface with multiple subnets

  • 1.  Source nat via interface with multiple subnets

    Posted 10-14-2020 06:45

    Hi all,

    I am struggling with a source-NAT rule.

    I have the following config for the outgoing interface:

    interfaces {
        ge-0/0/1 {
            flexible-vlan-tagging;
            native-vlan-id 10;
            unit 0 {
                vlan-id 10;
                family inet {
                    address 172.29.1.1/24;
                    address 172.29.2.1/24;
                    address 172.29.3.1/24;
                }
            }
        }
    }

    I use the following rules for source NAT:
    security {
        nat {
            source {
                rule-set vpn-mgt {
                    from zone vpn;
                    to zone mgt;
                    rule snat-vpn-mgt {
                        match {
                            source-address 0.0.0.0/0;
                        }
                        then {
                            source-nat {
                                interface;
                            }
                        }
                    }
                }
            }
        }
    }

    We do see translation happen, but to the wrong IP address.

    If we try to ping 172.29.2.2, we get the IP 172.29.1.1 from the interface.

    Can this be solved, or do I have to use address pools instead?

    Yours sincerely,


  • 2.  Re: Source nat via interface with multiple subnets
    Best Answer

    Posted 10-14-2020 07:02

    "then source-nat interface" will source NAT with the primary IP of the interface - in this case 172.29.1.1.

    To solve it you need to have three address pools and then a rule-set for each destination-prefix and match source-nat with the appropriate pool.
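
    The pool-based configuration described in this answer, written out as an added example (it is not configuration posted in the thread). It keeps the vpn-to-mgt context from the question as a single rule-set and gives it one rule per destination /24, because rules inside a rule-set are evaluated top to bottom and can match on destination-address. The pool names (snat-pool-172-29-1 and so on) and the rule names are assumptions; the pool addresses reuse the interface addresses from the question. The `#` lines are explanatory and are not part of the configuration.

    ```junos
    # Added example, not from the original thread.
    # The existing interface-based rule matches every source, so it must go
    # before the pool rules can ever be hit.
    delete security nat source rule-set vpn-mgt rule snat-vpn-mgt

    # One pool per /24 on ge-0/0/1.0, each holding that subnet's own interface address.
    set security nat source pool snat-pool-172-29-1 address 172.29.1.1/32
    set security nat source pool snat-pool-172-29-2 address 172.29.2.1/32
    set security nat source pool snat-pool-172-29-3 address 172.29.3.1/32

    # Same zone context as the original rule-set.
    set security nat source rule-set vpn-mgt from zone vpn
    set security nat source rule-set vpn-mgt to zone mgt

    # One rule per destination prefix, each choosing the pool whose address
    # lives in that prefix. Traffic to 172.29.2.2 now leaves as 172.29.2.1.
    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-1 match source-address 0.0.0.0/0
    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-1 match destination-address 172.29.1.0/24
    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-1 then source-nat pool snat-pool-172-29-1

    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-2 match source-address 0.0.0.0/0
    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-2 match destination-address 172.29.2.0/24
    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-2 then source-nat pool snat-pool-172-29-2

    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-3 match source-address 0.0.0.0/0
    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-3 match destination-address 172.29.3.0/24
    set security nat source rule-set vpn-mgt rule snat-vpn-mgt-3 then source-nat pool snat-pool-172-29-3
    ```

    Two things to check after commit. First, confirm the rule order and that the pools exist with `show security nat source rule all` and `show security nat source pool all`, then send a ping to 172.29.2.2 and look at the translated source in `show security flow session destination-prefix 172.29.2.2`; the session should show 172.29.2.1 as the NAT source. Second, whether a pool may overlap an interface address is release-dependent and is an assumption here; if your platform rejects it at commit, pick a spare address in each /24 for the pool instead and add a matching `set security nat proxy-arp interface ge-0/0/1.0 address <pool-address>/32` entry so the SRX answers ARP for it, otherwise return traffic never reaches the firewall.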



  • 3.  Re: Source nat via interface with multiple subnets

    Posted 10-14-2020 07:18

    Thanks for the fast response 🙂

    Will create the pools in that case.