SRX

Expand all | Collapse all

SRX100 - Problem for modifiy a static NAT

Jump to Best Answer
  • 1.  SRX100 - Problem for modifiy a static NAT

    Posted 08-11-2017 13:29
      |   view attached

    Hi everyone !

     

    One of my client have a srx100 Juniper and i meet a problem for replace a static NAT.

     

    To the juniper, a technician have create a static NAT 2 years ago (in the menu NAT → Static NAT) . The technician have NAT a WAN public address to a LAN private address.

     

    The technician have create this static NAT : WAN address: 185.46.95.125 → LAN address 192.168.1.10 (SRV-02).

     

    This static NAT permit to ping and to have access to the 185.46.95.125.

     

     Dessin1.png

     

    Today, i would like to replace this static NAT by this :

     

    WAN address: 185.46.95.125 → LAN address 192.168.1.20 (SRV-02).

     

    But when i try to modify this static NAT, my Wan PC wont to ping and have access to the 185.46.95.125.

     

    Dessin2.png

     

    I have copy and apply the sames policy of the SRV-01 for the new SRV-02.

      

    Thank you for your help.

     

    i'm sorry for the size pictures, i have attached a .PDF of the 2 pictures if you want 🙂 .

     

     

    Attachment(s)

    pdf
    Dessin1.pdf   186K 1 version


  • 2.  RE: SRX100 - Problem for modifiy a static NAT

     
    Posted 08-12-2017 06:22

    In addition to the change of the Static NAT policy, you must also update the sercurity policy that permits the traffic.

     

    NAT is under 

    security > NAT > Static

     

    Security will be organized by zone

     

    security > policies > from-zone untrust to-zone trust (or your internal zone name post nat)

     

    see the full example on page 13 here

     

    https://kb.juniper.net/library/CUSTOMERSERVICE/technotes/Junos_NAT_Examples.pdf



  • 3.  RE: SRX100 - Problem for modifiy a static NAT

    Posted 08-13-2017 09:31

    Hi Steve Puluka,

     

    Thank you for your answer.

     

    I have checked :

    - Policies from-zone untrust to-zone trust → All is openned

    - Policies from-zone trust to-zone untrust → All is openned 

    -The best practices of the static NAT configuration (page 13) → All it's OK

     

    Someone have an other proposition ?

     

    Thank you.



  • 4.  RE: SRX100 - Problem for modifiy a static NAT

    Posted 08-13-2017 19:44

    Access the cli and from the cli, enter this command and then use the temporary commit, to verify that it works then commit a second time before expiration on temp window to apply it permanently

    user@srx100# replace pattern 192.168.1.10 with 192.168.1.20

    commit confirmed 8

    Test if all works, then if satisfied, enter commit within 8 minutes.



  • 5.  RE: SRX100 - Problem for modifiy a static NAT
    Best Answer

    Posted 08-13-2017 23:36
    Hi everyone,

    I have finaly found the solution. On the srv-02, the service windows firewall be crashed. I have restart the service and the access be possible.

    Thank you again for your help.