when i have "only one" ip assigned for ge-0/0/0 untrust interface (example: 1.1.1.1)
and i need to use this ip address to destination NAT my many server port service int the trust zone
after I set destination pool , rule-set and rule for source/ destination port mapping
should i need use this ip addres to proxy-arp ? because have error commit
set security nat proxy-arp interface ge-0/0/0.0 address 1.1.1.1
admin@SRX300# commit check
[edit security nat proxy-arp interface ge-0/0/0.0]
'address 1.1.1.1/32'
Proxy ARP IP address range [1.1.1.1 1.1.1.1] overlaps with interface IP address range [1.1.1.1 1.1.1.1] defined on interface 'ge-0/0/0.0'
error: configuration check-out failed
and other require only one ip address at untrust (same with the nat destination-address) for static nat need mapped-port 10000~20000 range
should i need proxy-arp ?
please help me ~ thanks a lot ~~