Hi,
Fairly new to Juniper, and I'm having an issue with destination NAT. I have read all the different forums and followed along with no success. A few posts I read said I needed proxy ARP, but when I try to add this I get an error:
1) Proxy ARP IP address range [207.xxx.xxx.70 207.xxx.xxx.70] overlaps with interface IP address range [207.xxx.xxx.70 207.xxx.xxx.70] defined on interface 'ge-0/0/0.0'
Any help is massively appreciated. I am waiting for our reseller to activate our support contract with Juniper so I can get the JTAC team to look, but that's going to take a few days at least and I need to get it up and running ASAP.
Setup:
ge-0/0/0 - External interface - 207.XXX.XXX.70/24
ge-0/0/1 - Internal interface - 10.0.1.1/24
Trying to reach the server at 10.0.1.104:443 via 207.XXX.XXX.70:8443
Config ---
/* NAT section of the posted configuration: one source rule-set for outbound
   traffic and one destination rule-set for the inbound port forward. */
nat {
source {
rule-set nsw_srcnat {
from zone Internal;
to zone Internet;
/* Translates every Internal -> Internet flow to the address of the egress interface. */
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
/* Translated target: the internal server and the port it actually listens on. */
pool Web_Pool {
address 10.0.1.104/32 port 443;
}
rule-set Web_RS {
from zone Internet;
/* Forwards 207.xxx.xxx.70:8443 arriving from zone Internet to Web_Pool.
   The translation-hits counter in "show security nat destination rule Web_RULE"
   shows whether incoming packets reach this rule at all. */
rule Web_RULE {
match {
/* NOTE(review): any source on the Internet can use this forward; narrow
   source-address if the set of clients is known. */
source-address 0.0.0.0/0;
/* Per the setup notes and the error quoted in the post, this is the address
   configured on ge-0/0/0.0 itself, so the device already answers ARP for it.
   Proxy ARP is for NAT addresses that are not assigned to an interface, which
   is why the commit check rejects the overlapping range. */
destination-address 207.xxx.xxx.70/32;
destination-port {
8443;
}
}
then {
destination-nat {
pool {
Web_Pool;
}
}
}
}
}
}
}
/* Security policies for the two directions between the Internal and Internet zones. */
policies {
from-zone Internal to-zone Internet {
/* Permits all traffic from Internal to Internet. */
policy All_Internal_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone Internal {
/* Inbound policy for the port forward. On SRX, destination NAT is applied
   before the policy lookup, so this policy is evaluated against the translated
   address and port (10.0.1.104, TCP 443), not 207.xxx.xxx.70:8443. */
policy Web_Traffic {
match {
source-address any;
/* NOTE(review): the address-book entry "Web" is not shown in this excerpt;
   it needs to resolve to 10.0.1.104/32 for the forwarded traffic to match - confirm. */
destination-address Web;
/* NOTE(review): "any" permits every port toward Web from the Internet;
   junos-https (TCP 443) would cover this forward alone. */
application any;
dynamic-application any;
}
/* NOTE(review): no log action is configured here, so sessions permitted from
   the Internet are not recorded by this policy. */
then {
permit;
}
}
}
}
/* Zone definitions: which interface belongs to which zone, and which traffic
   addressed to the device itself is accepted on it. */
zones {
security-zone Internal {
interfaces {
ge-0/0/1.0 {
/* host-inbound-traffic covers traffic destined to the device itself;
   ping and DHCP are the only system services listed for this interface. */
host-inbound-traffic {
system-services {
ping;
dhcp;
}
}
}
}
}
security-zone Internet {
interfaces {
/* No host-inbound-traffic is listed for the external interface. The port
   forward is transit traffic and does not depend on it. */
ge-0/0/0.0;
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 207.xxx.xxx.70/24;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.1.1/24;
}
------------------------------
GRAEME MCKAY
------------------------------