SRX

Dear all,

Before I start my explanation here go some information:

- My external IP is 187.72.138.193

- My internal network goes under 10.196.X.X

- I am using Juniper SRX220

Now my question is about accessing a service I run at http://10.196.24.178:8086 (internal network) from outside.

as you will see below I have others services running outside already, but I do not know how to configure it considering I am pretty new in SRX devices.

My point is that I need that if someone from anywhere in the world types  187.72.138.193:8086 in browser it redirects to my internal network and shows the content of the service running on 10.196.24.178:8086.

If possible please tell me the commands I have to run in order to make it available from outside.

Kind regards.

set security nat destination pool WebServer3 address 10.196.24.178 port 8086
set security nat destination rule-set WebServer3 from zone untrust
set security nat destination rule-set WebServer3 rule Web3 match destination-address 187.72.138.193/32
set security nat destination rule-set WebServer3 rule Web3 match destination-port 8086
set security nat destination rule-set WebServer3 rule Web3 then destination-nat pool WebServer3

set security zones security-zone trust address-book address WebServer3 10.196.24.178/32
set applications application My-HTTP protocol tcp destination-port 8086
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 match source-address any
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 match destination-address WebServer3
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 match application My-HTTP
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 then permit

show | compare
commit

When I ran commit I got the error below:

[edit security nat destination]
'rule-set WebServer3'
rule-set WebServer3 and rule-set Webserver1 have same context.
error: configuration check-out failed

Kind regards.

Try this:

set security nat destination pool WebServer3 address 10.196.24.178 port 8086

set security nat destination rule-set Webserver1 rule Web3 match destination-address 187.72.138.193/32
set security nat destination rule-set Webserver1 rule Web3 match destination-port 8086
set security nat destination rule-set Webserver1 rule Web3 then destination-nat pool WebServer3

set security zones security-zone trust address-book address WebServer3 10.196.24.178/32
set applications application My-HTTP protocol tcp destination-port 8086
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 match source-address any
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 match destination-address WebServer3
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 match application My-HTTP
set security policies from-zone untrust to-zone trust policy Allow-WebServer3 then permit

Now I got it working. thank you very much.

Did you rollback the previous configuration? If not, just enter "rollback" from config mode and paste and commit new configuration.

I noticed it right after I posted that I got the same error

Thanks