Hi everyone !
One of my client have a srx100 Juniper and i meet a problem for replace a static NAT.
To the juniper, a technician have create a static NAT 2 years ago (in the menu NAT → Static NAT) . The technician have NAT a WAN public address to a LAN private address.
The technician have create this static NAT : WAN address: 126.96.36.199 → LAN address 192.168.1.10 (SRV-02).
This static NAT permit to ping and to have access to the 188.8.131.52.
Today, i would like to replace this static NAT by this :
WAN address: 184.108.40.206 → LAN address 192.168.1.20 (SRV-02).
But when i try to modify this static NAT, my Wan PC wont to ping and have access to the 220.127.116.11.
I have copy and apply the sames policy of the SRV-01 for the new SRV-02.
Thank you for your help.
i'm sorry for the size pictures, i have attached a .PDF of the 2 pictures if you want 🙂 .
In addition to the change of the Static NAT policy, you must also update the sercurity policy that permits the traffic.
NAT is under
security > NAT > Static
Security will be organized by zone
security > policies > from-zone untrust to-zone trust (or your internal zone name post nat)
see the full example on page 13 here
Hi Steve Puluka,
Thank you for your answer.
I have checked :
- Policies from-zone untrust to-zone trust → All is openned
- Policies from-zone trust to-zone untrust → All is openned
-The best practices of the static NAT configuration (page 13) → All it's OK
Someone have an other proposition ?
Access the cli and from the cli, enter this command and then use the temporary commit, to verify that it works then commit a second time before expiration on temp window to apply it permanently
user@srx100# replace pattern 192.168.1.10 with 192.168.1.20
commit confirmed 8
Test if all works, then if satisfied, enter commit within 8 minutes.