SRX

 View Only
last person joined: 16 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  srx 300 use ge-0/0/0 ip address for NAT (destination and static NAT) problem ~

    Posted 10-11-2017 22:18

    when i have "only one"  ip assigned for ge-0/0/0 untrust  interface  (example: 1.1.1.1)

    and  i need to use this ip address  to destination  NAT  my many server port service  int the trust zone 

     

    after I set    destination pool  ,  rule-set  and  rule for  source/ destination port mapping 

     

    should i need use this ip addres to  proxy-arp ? because  have error commit 

    set security nat proxy-arp interface ge-0/0/0.0 address 1.1.1.1    

     

    admin@SRX300# commit check
    [edit security nat proxy-arp interface ge-0/0/0.0]
    'address 1.1.1.1/32'
    Proxy ARP IP address range [1.1.1.1 1.1.1.1] overlaps with interface IP address range [1.1.1.1 1.1.1.1] defined on interface 'ge-0/0/0.0'
    error: configuration check-out failed

     

    and  other require  only one ip address at untrust  (same with the nat destination-address)  for static nat  need mapped-port  10000~20000 range

    should i need  proxy-arp ?

     

    please help me ~   thanks a lot ~~

     



  • 2.  RE: srx 300 use ge-0/0/0 ip address for NAT (destination and static NAT) problem ~
    Best Answer

     
    Posted 10-11-2017 22:30

    You dont need proxy arp in this scenario as the IP is assigned to interface directly. Proxy arp is required when the ip os not assigned to interface.

     

     

    Below KB explains When and how to configure Proxy ARP

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB21785&actp=METADATA