Routing


VM is not using static NAT IP for outgoing communication

  • 1.  VM is not using static NAT IP for outgoing communication

    Posted 4 days ago
    Hi,

    We have configured routing-instances for 2 ISPs.
    One of our Exchange servers, which is configured for static NAT, is not using the IP (xxx.xxx.xxx.27) configured in the static NAT configuration.
    Instead, the server is using the IP of the SRX (xxx.xxx.xxx.26), which causes a problem for SPF queries from other mail servers.

    Here are the settings:

    set security zones security-zone untrust interfaces ge-0/0/4.0 host-inbound-traffic protocols all
    set security zones security-zone untrust1 interfaces ge-0/0/5.0 host-inbound-traffic protocols all
    
    set interface ge-0/0/4 unit 0 description ISP2 family inet address xxx.xxx.xxx.26/29
    set interface ge-0/0/5 unit 0 description ISP1 family inet address xxx.xxx.xxx.212/29
    
    set routing-instances isp-1 instance-type virtual-router
    set routing-instances isp-1 interface ge-0/0/5.0
    set routing-instances isp-1 routing-options static route 0.0.0.0/0 next-hop xxx.xxx.xxx.211
    
    set routing-instances isp-2 instance-type virtual-router
    set routing-instances isp-2 interface ge-0/0/4.0
    set routing-instances isp-2 routing-options static route 0.0.0.0/0 next-hop xxx.xxx.xxx.25
    
    set routing-options interface-routes rib-group inet isp
    set routing-options static route 0.0.0.0/0 next-table isp-1.inet.0
    set routing-options rib-group isp import-rib [ inet.0 isp-1.inet.0 isp-2.inet.0 ]
    
    set firewall filter output-isp term to-isp-2 from source-address 192.168.XXX.0/24
    set firewall filter output-isp term to-isp-2 then routing-instance isp-2
    
    set firewall filter output-isp term default-isp from source-address 0.0.0.0/0
    set firewall filter output-isp term default-isp then routing-instance isp-1
    set firewall filter output-isp term default-allow then accept

    NAT Static

    emeiler@SRx300-KEM# edit security nat static

    [edit security nat static]
    rule-set rs-static-nat2 {
        from zone untrust;
        rule rule-static-MX01 {
            match {
                destination-address XXX.XXX.XXX.27/32;
            }
            then {
                static-nat {
                    prefix {
                        192.168.XXX.241/32;
                    }
                }
            }
        }
    }

    Please let me know where to modify the settings.

    Thx 

    Eduard

    ------------------------------
    Eduard Meiler
    ------------------------------


  • 2.  RE: VM is not using static NAT IP for outgoing communication

    Posted 3 days ago
    I figured out that I need to create a pool at static NAT and assign the pool in a new rule:

    set security nat source pool pl-isp2-27 address xxx.xxx.xxx.27

    set security nat source rule-set rs1 rule r-MX01 then source-nat pool pl-isp2-27

    ------------------------------
    Eduard Meiler
    ------------------------------
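
The source NAT pool approach from the reply above, written out as a complete rule-set with the ordering and verification steps a reviewer would check. This is an added example, not the poster's configuration: the zone name trust, the destination-address match, the proxy-arp line and the rule name EXISTING-RULE are assumptions, and addresses stay masked as in the thread.

```junos
# Pool holding the public address the mail server should send from
# (same address the static NAT rule maps inbound).
set security nat source pool pl-isp2-27 address xxx.xxx.xxx.27

# A source NAT rule-set needs a traffic direction.
# Assumption: the server sits in a zone named "trust"; "untrust" is the
# ISP2-facing zone from the original post (ge-0/0/4.0).
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust

# Match only the mail server's private address so other hosts keep
# their existing translation.
set security nat source rule-set rs1 rule r-MX01 match source-address 192.168.XXX.241/32
set security nat source rule-set rs1 rule r-MX01 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r-MX01 then source-nat pool pl-isp2-27

# Rules in a rule-set are evaluated in order and the first match wins.
# If rs1 already has a broader rule (for example interface NAT for the
# whole LAN), move the host rule ahead of it.
# EXISTING-RULE is a placeholder for that rule's name.
insert security nat source rule-set rs1 rule r-MX01 before rule EXISTING-RULE

# The pool address is in the same /29 as ge-0/0/4.0, so the SRX must
# answer ARP for it. Assumption: add this only if no proxy-arp entry
# for the address exists yet.
set security nat proxy-arp interface ge-0/0/4.0 address xxx.xxx.xxx.27/32

# Operational-mode checks after commit:
#   show security nat source pool pl-isp2-27
#   show security nat source rule all
#   show security flow session source-prefix 192.168.XXX.241
# In the session output, the return ("Out") wing for outbound SMTP should
# show xxx.xxx.xxx.27 as its destination, not the interface address
# xxx.xxx.xxx.26.
```

Once the flow session shows the .27 address, the sending IP matches the one the inbound static NAT publishes, which is the address SPF checks by receiving mail servers will see.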