SRX

Dear All,

Please help me to solve destination nat configuration erros.I have two wan and running per-packet loadbalance (not failover).i want to access my some servers in my local network from external network . i try to configure destination nat according following links. But i cannot access.I can access my firewall wan interface from external network.i want to get remote access to my servers from externa network.how should i do? do i need following configuration in security policy.

}
from-zone untrust to-zone trust {
policy aztserveraccess {
match {
source-address any;
destination-address any;
application any;
source-identity any;
}
then {
permit {
destination-address {
drop-untranslated;
}
}
}
}

http://www.mustbegeek.com/configure-destination-nat-in-juniper-srx/

https://www.juniper.net/documentation/en_US/junos/topics/example/nat-security-destination-address-port-translation-configuring.html

Do the verification commands show any sessions using nat?

show security nat destination pool all

security nat destination rule all

Does you specific inbound test create a session?

show security flow session

you can also walk throught the tests outlined here and post the results from any step you need assitance in interpreting

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21839

Dear All,

Now i fixed my error by using proxy arp.I forgot to config proxy arp for public IP. Thanks for your help

Dear all,

Destiantion NAT cant only single ISP link ? I can configured Destination NAT in one ISP but another ISP link cannot configure dastination NAT.  and Proxy ARP doesn't work

Yes, you should be able to use destination nat in both ISP.  What are the failure symptoms?

Are both ISP in the same routing domain or virtual router?

If so, you might also need to use source nat on the inbound traffic to be sure the reply traffic goes back out the same isp if your default route points to the other isp.