I am trying to figure out if I can do SOURCE NAT on SRX with a interface but with no port translation.
[edit security nat source]
set rule-set rs1 from zone trust set rule-set rs1 to zone untrust
set rule-set rs1 rule r1 match source-address 0.0.0.0/0
set rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set rule-set rs1 rule r1 then source-nat interface
Thanks and have a nice day!!
Why would you want to? That would mean that only the first host that uses a port will be allowed. This can cause major traffic issues.
Thanks for your response
here is back ground:
We are using multicast sparse dense mode, SRX uses loopback if one avaible or the lowest IP on the box to source REGISTER MESSAGE
Our set up
Multicast source----SRX f1 220.127.116.11/24--------18.104.22.168/24 BROCADE ( RP)---REST OF MULTICAST NETWORK.
We have no control on RP and beyond, so REGSITER message must source from 22.214.171.124 in order for rp to accept it
At ay given time only 202.202.202 1 will be used by PIM REGISTER MESSAGE as source IP if the destination is 126.96.36.199, all other traffic will pass without NAT
Can you try following example...??
set security nat source pool p1 address 188.8.131.52/32 to 184.108.40.206/32set security nat source pool p1 port no-translationset security nat source rule-set 1 from zone trustset security nat source rule-set 1 to zone untrustset security nat source rule-set 1 rule mcast-nat match source-address 220.127.116.11/32set security nat source rule-set 1 rule mcast-nat then source-nat pool p1