Hi,
we have configured routing-instances for 2 ISP's
One of our Exchange-Server which is configured for static NAT ist not using the IP (xxx.xxx.xxx.27) configured in the static nat configuration.
The server is using instead the IP of the SRX (xxx.xxx.xxx.26) which makes a problem for SPF query for other mail servers.
Here is the setting :
set security zones security-zone untrust interfaces ge-0/0/4.0 host-inbound-traffic protocols all
set security zones security-zone untrust1 interfaces ge-0/0/5.0 host-inbound-traffic protocols all
set interface ge-0/0/4 unit 0 description ISP2 family inet address xxx.xxx.xxx.26/29
set interface ge-0/0/5 unit 0 description ISP1 family inet address xxx.xxx.xxx.212/29
set routing-instances isp-1 instance-type virtual-router
set routing-instances isp-1 interface ge-0/0/5.0
set routing-instances isp-1 routing-options static route 0.0.0.0/0 next-hop xxx.xxx.xxx.211
set routing-instances isp-2 instance-type virtual-router
set routing-instances isp-2 interface ge-0/0/4.0
set routing-instances isp-2 routing-options static route 0.0.0.0/0 next-hop xxx.xxx.xxx.25
set routing-options interface-routes rib-group inet isp
set routing-options static route 0.0.0.0/0 next-table isp-1.inet.0
set routing-options rib-group isp import-rib [ inet.0 isp-1.inet.0 isp-2.inet.0 ]
set firewall filter output-isp term to-isp-2 from source-address 192.168.XXX.0/24
set firewall filter output-isp term to-isp-2 then routing-instance isp-2
set firewall filter output-isp term default-isp from source-address 0.0.0.0/0
set firewall filter output-isp term default-isp then routing-instance isp-1
set firewall filter output-isp term default-allow then accept
NAT Static
emeiler@SRx300-KEM# edit security nat static
[edit security nat static]
rule-set rs-static-nat2 {
from zone untrust;
rule rule-static-MX01 {
match {
destination-address XXX.XXX.XXX.27/32;
}
then {
static-nat {
prefix {
192.168.XXX.241/32;
}
}
}
}
}
Please lett me know where to modify the settings.
Thx
Eduard
------------------------------
Eduard Meiler
------------------------------