when i have "only one" ip assigned for ge-0/0/0 untrust interface (example: 22.214.171.124)
and i need to use this ip address to destination NAT my many server port service int the trust zone
after I set destination pool , rule-set and rule for source/ destination port mapping
should i need use this ip addres to proxy-arp ? because have error commit
set security nat proxy-arp interface ge-0/0/0.0 address 126.96.36.199
admin@SRX300# commit check[edit security nat proxy-arp interface ge-0/0/0.0] 'address 188.8.131.52/32' Proxy ARP IP address range [184.108.40.206 220.127.116.11] overlaps with interface IP address range [18.104.22.168 22.214.171.124] defined on interface 'ge-0/0/0.0'error: configuration check-out failed
and other require only one ip address at untrust (same with the nat destination-address) for static nat need mapped-port 10000~20000 range
should i need proxy-arp ?
please help me ~ thanks a lot ~~
You dont need proxy arp in this scenario as the IP is assigned to interface directly. Proxy arp is required when the ip os not assigned to interface.
Below KB explains When and how to configure Proxy ARP