Hello everyone,
Please consider the following setup:
SERVER 10.10.10.10---10.10.10.1-f1 SRX1-f2 199.199.199.2---INTERNET----200.200.200.2-f2-SRX2-f1-10.11.11.0/24 hosts
Above we have:
A GRE tunnel between SRX1/SRX2, i.e.:
SRX1:
gr-0/1/0.0
Tunnel source 199.199.199.2
Tunnel destination 200.200.200.2
IP address 172.172.172.1/24
We place the tunnel in ZONE A.
Also, we place the physical interface f1 that GRE is riding on in ZONE AA.
SRX2:
gr-0/1/0.0
Tunnel source 200.200.200.2
Tunnel destination 199.199.199.1
IP address 172.172.172.2/24
We place the tunnel in ZONE B.
Also, we place the physical interface f1 that GRE is riding on in ZONE AA.
Goals:
All hosts on 10.11.11.0/24 will send traffic to 10.10.10.12, which is GRE encapsulated with an outer IP header with source IP 200.200.200.2 and destination IP 199.199.199.2.
SRX1 will encapsulate the GRE packet and recover the original packet with source in 10.11.11.0/24 and destination 10.10.10.12.
SRX1 is configured with a static NAT rule which says: if the packet is received from a certain zone and the destination IP is 10.10.10.12, then replace the destination IP with 10.10.10.10.
So that is how traffic from hosts on 10.11.11.0/24 to Server flows.
QUESTION:
- On SRX1, what should that certain zone be for the NAT rule: is it the zone associated with the physical interface f1, i.e. ZONE AA, or is it the zone associated with the GRE tunnel, i.e. ZONE A?
Thanks and have a nice day!!