vSRX

Expand all | Collapse all

Static NAT problem

Jump to Best Answer
  • 1.  Static NAT problem

    Posted 08-13-2018 21:02

    I follow the guide at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-nat-static.html

    I'm not using address-book. Use the IP instead.

    When commit, I got "error: configuration check-out failed"

     

    Below are the current settings:

    ge-0/0/1, internet facing, IP:218.213.221.199/27

    ge-0/0/2, internal facing, IP:10.10.1.1/24

    A FTP server with internal IP:10.10.1.2/24 and prepare to assign 218.213.221.198/27 for its public IP

     

    By following the CLI Quick Configuration in above link. I got below error when commit

    [edit security nat proxy-arp interface ge-0/0/1.0]
    'address 218.213.221.198/27'
    Proxy ARP IP address range [218.213.221.198 218.213.221.223] overlaps with interface IP address range [218.213.221.199 218.213.221.199] defined on interface 'ge-0/0/1.0'
    error: configuration check-out failed
    [edit]

    Also it's strange that the boardcast address for .199 is show ".199" instead of ".223"

     



  • 2.  RE: Static NAT problem
    Best Answer

     
    Posted 08-13-2018 21:22

    Hello,

     

    Are you having one FTP server or a subnet of servers?

    If it is a single server(10.10.1.2/32) then you need to set the proxy arp for 218.213.221.198/32 (Just one IP) instead of 218.213.221.198/27. Because  the latter would mean device is expected to proxy ARP for whole of the subnet which involves the interface IP as well and this is not required.

     

    Thanks,

    Pranita



  • 3.  RE: Static NAT problem

    Posted 08-13-2018 23:13

    Thanks pranita. change to /32 can commit sucessfully. I thought that was the mask bits of the subnet.