The routing will be determined by the route table so if routing has 10.1.10.0/24 going out
ge-0/0/2 then this will be the interface used for the nat interface term.
Based on the config I am assuming ge-0/0/2 is mgmt10 zone and ge-0/0/20 is Internet zone.
If that is the case then no special rule is needed at all. As long as routing sends the traffic out the correct interface the generic all sources get nat interface translation will just work with the interface address being from the one where the traffic egresses.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
------------------------------
Original Message:
Sent: 03-25-2021 16:15
From: bob
Subject: Split source nat based on destination
I want most traffic on ge-0/0/1 (trust) to source nat to ge-0/0/0 (Internet) unless it's destined for 10.1.10.0/24, then I want it to source nat to ge-0/0/2 / 10.1.10.29/24 and route to 10.1.10.1 gateway connected on another router. So far I have:
[edit security nat source rule-set trust_srcnat]
root@router# show
from zone trust;
to zone [ Internet mgmt10 ];
rule trust-mgmt10 {
    match {
        source-address 0.0.0.0/0;
        destination-address 10.1.10.0/24;
    }
    then {
        source-nat {
            interface;
        }
    }
}
rule trust-src-interface {
    match {
        source-address 0.0.0.0/0;
        destination-address 0.0.0.0/0;
    }
    then {
        source-nat {
            interface;
        }
    }
}
Will this rule-set consider traffic destined for 10.1.10.0/24 first, or simply route everything per second rule? What else do I need to make this route right? I need a policy as well, but I'm trying to figure the nat first.
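Added example, not from either poster and not Junos code: a simplified Python model of the behaviour described in the reply, where the route lookup picks the egress interface and `source-nat interface` then uses that interface's address. It assumes rules in a rule-set are evaluated in order with first match winning; the ge-0/0/0 address and the trust host 192.168.1.10 are constructed placeholders, and ge-0/0/2 is taken to be in zone mgmt10 as the reply assumes.

```python
import ipaddress

# Constructed sample data. Only ge-0/0/2 = 10.1.10.29/24 comes from the thread;
# the ge-0/0/0 address is a documentation-range placeholder.
INTERFACES = {
    "ge-0/0/0": {"zone": "Internet", "addr": "203.0.113.2"},
    "ge-0/0/2": {"zone": "mgmt10", "addr": "10.1.10.29"},
}
ROUTES = [  # (prefix, egress interface)
    ("0.0.0.0/0", "ge-0/0/0"),
    ("10.1.10.0/24", "ge-0/0/2"),  # directly connected
]
# The rule-set from the question: from zone trust, to zone [ Internet mgmt10 ].
RULE_SET = {
    "to_zones": {"Internet", "mgmt10"},
    "rules": [  # (name, source-address, destination-address), in config order
        ("trust-mgmt10", "0.0.0.0/0", "10.1.10.0/24"),
        ("trust-src-interface", "0.0.0.0/0", "0.0.0.0/0"),
    ],
}

def egress_interface(dst):
    """Longest-prefix match over ROUTES."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_nat(src, dst, rule_set=RULE_SET):
    """Return (matched rule, egress interface, translated source) or None."""
    ifc = egress_interface(dst)            # 1. route lookup picks the egress interface
    if INTERFACES[ifc]["zone"] not in rule_set["to_zones"]:
        return None                        # 2. rule-set context does not apply
    for name, s, d in rule_set["rules"]:   # 3. rules in order, first match wins
        if (ipaddress.ip_address(src) in ipaddress.ip_network(s)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(d)):
            # 4. "source-nat interface" uses the egress interface's address
            return name, ifc, INTERFACES[ifc]["addr"]
    return None

def without_specific_rule():
    """Same rule-set with only the generic rule, as the reply suggests."""
    return {**RULE_SET, "rules": RULE_SET["rules"][1:]}

if __name__ == "__main__":
    for dst in ("10.1.10.50", "198.51.100.7"):
        print(dst, source_nat("192.168.1.10", dst),
              source_nat("192.168.1.10", dst, without_specific_rule()))
```

With or without the `trust-mgmt10` rule, traffic to 10.1.10.0/24 is translated to 10.1.10.29; only the name of the matching rule changes.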