SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

destination nat for 1 public IP to 2 local host that use the same service port 443 (web application server)

  • 1.  destination nat for 1 public IP to 2 local host that use the same service port 443 (web application server)

    Posted 01-30-2018 17:54

    Hi Guys,

    Will it work in destination NAT if we use 1 public IP for 2 private IPs that use the same service port 443? One is configured to port forward 8443 (public) to port 443 (private), and the other one is 443 to 443. The two local hosts are the same web application server. Below is the destination NAT config that I created:


    edit security nat destination
    pool 10_154_252_240 {
        address 10.154.252.240/32;
    }
    pool 10_104_64_5 {
        address 10.104.64.5/32;
    }
    rule-set NAT_for_server {
        from zone UNTRUST;
        rule DNAT-64_5 {
            match {
                destination-address 1.1.1.1/32;
                destination-port {
                    443;
                }
            }
            then {
                destination-nat {
                    pool {
                        10_104_64_5;
                    }
                }
            }
        }
        rule DNAT-252_240 {
            match {
                destination-address 1.1.1.1/32;
                destination-port {
                    8443;
                }
            }
            then {
                destination-nat {
                    pool {
                        10_154_252_240;
                    }
                }
            }
        }
    }



  • 2.  RE: destination nat for 1 public IP to 2 local host that use the same service port 443 (web application server)
    Best Answer

    Posted 01-31-2018 02:58

    The pool used for the 8443 forward also has to change the destination port, in addition to the address, to hit the server's 443 port.

    pool 10_154_252_240 {
        address 10.154.252.240/32 port 443;
    }
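
An added example, not code from the thread or from Juniper: a small Python script that reads a destination NAT stanza in the layout posted above and reports where each public IP:port lands, comparing the original pool (port left at 8443) with the corrected one. The parser is a simplification that assumes this curly-brace layout, and `CONFIG` is the thread's configuration condensed onto fewer lines.

```python
import re

# The thread's destination NAT config, condensed; %s is the pool's optional port clause.
CONFIG = """
pool 10_154_252_240 { address 10.154.252.240/32%s; }
pool 10_104_64_5 { address 10.104.64.5/32; }
rule-set NAT_for_server { from zone UNTRUST;
  rule DNAT-64_5 { match { destination-address 1.1.1.1/32; destination-port { 443; } }
                   then { destination-nat { pool { 10_104_64_5; } } } }
  rule DNAT-252_240 { match { destination-address 1.1.1.1/32; destination-port { 8443; } }
                      then { destination-nat { pool { 10_154_252_240; } } } }
}
"""

def parse(text):
    """Parse curly-brace config text into nested dicts keyed by statement words."""
    tokens = iter(re.findall(r"[{};]|[^\s{};]+", text))
    def block():
        node, words = {}, []
        for tok in tokens:
            if tok == "}":
                break
            if tok in ("{", ";"):
                node[" ".join(words)] = block() if tok == "{" else None
                words = []
            else:
                words.append(tok)
        return node
    return block()

def effective_mappings(text):
    """Return {public 'ip:port': private 'ip:port'} for every destination NAT rule."""
    tree, pools, result = parse(text), {}, {}
    for key, body in tree.items():
        if key.startswith("pool "):
            addr = next(k for k in body if k.startswith("address ")).split()
            # Without a "port" clause in the pool, only the address is rewritten.
            pools[key.split()[1]] = (addr[1].split("/")[0], addr[3] if "port" in addr else None)
    rules = [r for k, b in tree.items() if k.startswith("rule-set ")
             for n, r in b.items() if n.startswith("rule ")]
    for rule in rules:
        match = rule["match"]
        dst = next(k for k in match if k.startswith("destination-address ")).split()[1]
        port = next(iter(match["destination-port"]))
        ip, pool_port = pools[next(iter(rule["then"]["destination-nat"]["pool"]))]
        result[f"{dst.split('/')[0]}:{port}"] = f"{ip}:{pool_port or port}"
    return result

for port_clause in ("", " port 443"):  # pool as first posted, then as corrected
    print(effective_mappings(CONFIG % port_clause))
```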