Expand all | Collapse all

Static NAT problem

Jump to Best Answer
  • 1.  Static NAT problem

    Posted 08-13-2018 21:02

    I follow the guide at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-nat-static.html

    I'm not using address-book. Use the IP instead.

    When commit, I got "error: configuration check-out failed"


    Below are the current settings:

    ge-0/0/1, internet facing, IP:

    ge-0/0/2, internal facing, IP:

    A FTP server with internal IP: and prepare to assign for its public IP


    By following the CLI Quick Configuration in above link. I got below error when commit

    [edit security nat proxy-arp interface ge-0/0/1.0]
    Proxy ARP IP address range [] overlaps with interface IP address range [] defined on interface 'ge-0/0/1.0'
    error: configuration check-out failed

    Also it's strange that the boardcast address for .199 is show ".199" instead of ".223"


  • 2.  RE: Static NAT problem
    Best Answer

    Posted 08-13-2018 21:22



    Are you having one FTP server or a subnet of servers?

    If it is a single server( then you need to set the proxy arp for (Just one IP) instead of Because  the latter would mean device is expected to proxy ARP for whole of the subnet which involves the interface IP as well and this is not required.




  • 3.  RE: Static NAT problem

    Posted 08-13-2018 23:13

    Thanks pranita. change to /32 can commit sucessfully. I thought that was the mask bits of the subnet.