
Source NAT using address book using dns-names

  • 1.  Source NAT using address book using dns-names

    Posted 12-05-2020 12:10
    I'm testing some NAT and ran across this commit failure. I wanted to apply that to my source NAT rule to use my VPN path to access the website.
    I know I can do this on other platforms like Pal. I'm going to guess I'm doing something wrong on the SRX.
    If I'm doing something wrong, can someone point me in the right direction?
    Is this something the SRX 300 series cannot do?
    Is there a workaround for something like this?

    [edit security nat source rule-set trust-to-VPN]
    from zone trust;
    to zone VPN;
    rule source-nat-10_9_0_24 {
        match {
            source-address-name 10-9-2-slash24;
            destination-address-name [ rfc1918 Juniper-website ];
        }
        then {
            source-nat {
                interface;
            }
        }
    }

    address-book global address Juniper-website
    dns-name www.juniper.net {
        ipv4-only;
    }

    [edit security nat source rule-set trust-to-VPN rule source-nat-10_9_0_24 match]
    'destination-address-name Juniper-website'
    Address/address-set(Juniper-website) isn't supported in NAT rule
    error: configuration check-out failed


  • 2.  RE: Source NAT using address book using dns-names

    Posted 12-07-2020 11:21
    Hi Tgreaser:

    Maybe try changing the name Juniper-website to begin with a word other than juniper. I believe using the word juniper such as you have here is not allowed. 

    FS

    ------------------------------
    Stuart
    ------------------------------



  • 3.  RE: Source NAT using address book using dns-names

    Posted 12-07-2020 17:33
    I was so hoping that would have worked. Nope..

    [edit security nat source rule-set trust-to-VPN rule source-nat-10_9_0_24 match]
    'destination-address-name dns-website'
    Address/address-set(dns-website) isn't supported in NAT rule
    error: configuration check-out failed

    Side note. 
    I have submitted an ER for this to my sales team.
    I'm going to try and see if I can create a community for a spot where people can post ERs they have submitted. I know I've submitted like 15 ERs since I jumped to Junos.


  • 4.  RE: Source NAT using address book using dns-names

    Posted 12-07-2020 18:00
    Have you tried using the IP addresses rather than address-book entries? Just to test that the NAT configuration is good. You will at least then know if it is the address book, address name or something to do with that part of the configuration.

    What version of Junos are you running?

    ------------------------------
    Stuart
    ------------------------------
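
    The test suggested in the last reply, as an added example that is not from any poster in this thread: a Python helper that resolves a hostname to IPv4 addresses and builds Junos set commands for a separate test rule matching on literal /32 prefixes instead of an address-book name, ending in commit check. The rule-set and source address name come from the first post; the rule name test-literal-dst is hypothetical and the sample addresses are constructed.

```python
import ipaddress
import socket

# Rule-set name and source address name are taken from the first post.
RULE_SET = "security nat source rule-set trust-to-VPN"
SOURCE_NAME = "10-9-2-slash24"
TEST_RULE = "test-literal-dst"  # hypothetical rule name, used only for the test


def resolve_ipv4(hostname):
    """Return sorted, de-duplicated IPv4 addresses from the local resolver."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.IPv4Address)


def nat_test_commands(addresses, rule=TEST_RULE):
    """Build set commands for a source NAT rule that matches literal /32 prefixes."""
    prefixes = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
        if ip.version != 4:              # the address-book entry was ipv4-only
            continue
        prefix = f"{ip}/32"
        if prefix not in prefixes:       # drop duplicate resolver answers
            prefixes.append(prefix)
    if not prefixes:
        raise ValueError("no IPv4 addresses to match on")
    base = f"set {RULE_SET} rule {rule}"
    cmds = [f"{base} match source-address-name {SOURCE_NAME}"]
    cmds += [f"{base} match destination-address {p}" for p in prefixes]
    cmds.append(f"{base} then source-nat interface")
    cmds.append("commit check")          # validate only, nothing is activated
    return cmds


if __name__ == "__main__":
    # Constructed sample addresses from documentation ranges, not real lookups.
    # On a host with DNS access, use resolve_ipv4("www.juniper.net") instead.
    sample = ["192.0.2.10", "198.51.100.7", "192.0.2.10", "2001:db8::1"]
    print("\n".join(nat_test_commands(sample)))
```

    If commit check passes with literal prefixes, the NAT rule itself is sound and the failure is isolated to the address-book entry. The resolved addresses are a point-in-time snapshot and will not follow later DNS changes.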