Routing


Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  VM is not using static NAT IP for outgoing communication

    Posted 09-13-2021 18:03
    Edited by emacdermid 09-13-2021 21:19
    Hi,

    we have configured routing-instances for 2 ISPs.
    One of our Exchange servers, which is configured for static NAT, is not using the IP (xxx.xxx.xxx.27) configured in the static NAT configuration.
    The server is instead using the IP of the SRX (xxx.xxx.xxx.26), which causes a problem for SPF queries for other mail servers.

    Here is the setting :

    set security zones security-zone untrust interfaces ge-0/0/4.0 host-inbound-traffic protocols all
    set security zones security-zone untrust1 interfaces ge-0/0/5.0 host-inbound-traffic protocols all
    
    set interfaces ge-0/0/4 unit 0 description ISP2 family inet address xxx.xxx.xxx.26/29
    set interfaces ge-0/0/5 unit 0 description ISP1 family inet address xxx.xxx.xxx.212/29
    
    set routing-instances isp-1 instance-type virtual-router
    set routing-instances isp-1 interface ge-0/0/5.0
    set routing-instances isp-1 routing-options static route 0.0.0.0/0 next-hop xxx.xxx.xxx.211
    
    set routing-instances isp-2 instance-type virtual-router
    set routing-instances isp-2 interface ge-0/0/4.0
    set routing-instances isp-2 routing-options static route 0.0.0.0/0 next-hop xxx.xxx.xxx.25
    
    set routing-options interface-routes rib-group inet isp
    set routing-options static route 0.0.0.0/0 next-table isp-1.inet.0
    set routing-options rib-group isp import-rib [ inet.0 isp-1.inet.0 isp-2.inet.0 ]
    
    set firewall filter output-isp term to-isp-2 from source-address 192.168.XXX.0/24
    set firewall filter output-isp term to-isp-2 then routing-instance isp-2
    
    set firewall filter output-isp term default-isp from source-address 0.0.0.0/0
    set firewall filter output-isp term default-isp then routing-instance isp-1
    set firewall filter output-isp term default-allow then accept

    NAT Static

    emeiler@SRx300-KEM# edit security nat static

    [edit security nat static]
    rule-set rs-static-nat2 {
        from zone untrust;
        rule rule-static-MX01 {
            match {
                destination-address XXX.XXX.XXX.27/32;
            }
            then {
                static-nat {
                    prefix {
                        192.168.XXX.241/32;
                    }
                }
            }
        }
    }

    Please let me know where to modify the settings.

    Thx 

    Eduard

    ------------------------------
    Eduard Meiler
    ------------------------------


  • 2.  RE: VM is not using static NAT IP for outgoing communication

    Posted 09-14-2021 05:41
    I figured out that I need to create a pool at static nat and assign the pool in a new rule:

    set security nat source pool pl-isp2-27 address xxx.xxx.xxx.27

    set security nat source rule-set rs1 rule r-MX01 then source-nat pool pl-isp2-27

    ------------------------------
    Eduard Meiler
    ------------------------------
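
The two commands in the reply above only show the pool and the rule's action. The following is an added example, not part of the original posts, of what a complete source NAT rule for the mail server could look like. The zone name `trust`, the direction of rule-set `rs1`, and the `<existing-rule>` placeholder are assumptions; the addresses are masked exactly as in the thread.

```junos
# Added example (not from the thread). Assumed: the Exchange server sits in a
# zone named "trust" and rule-set rs1 covers traffic from trust to untrust.

# Pool holding the public address that mail should leave from (ISP2 subnet)
set security nat source pool pl-isp2-27 address xxx.xxx.xxx.27/32

# Rule-set context: source NAT is selected by ingress and egress zone
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust

# Match only the Exchange server and translate it to the pool address
set security nat source rule-set rs1 rule r-MX01 match source-address 192.168.XXX.241/32
set security nat source rule-set rs1 rule r-MX01 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r-MX01 then source-nat pool pl-isp2-27

# Rules inside a rule-set are evaluated top-down and the first match wins.
# If rs1 already contains a broader rule (for example one that translates the
# whole 192.168.XXX.0/24 to the interface address), move r-MX01 above it:
#   insert security nat source rule-set rs1 rule r-MX01 before rule <existing-rule>

# xxx.xxx.xxx.27 is inside the /29 on ge-0/0/4 but is not the interface
# address, so the SRX has to answer ARP for it. Skip this line if proxy-arp
# for .27 was already configured for the static NAT rule.
set security nat proxy-arp interface ge-0/0/4.0 address xxx.xxx.xxx.27/32

# After commit, confirm that r-MX01 is taking hits and that sessions opened by
# the server leave with xxx.xxx.xxx.27 (the address SPF checks will see)
# rather than the interface address xxx.xxx.xxx.26.
run show security nat source rule all
run show security nat source pool pl-isp2-27
run show security flow session source-prefix 192.168.XXX.241
```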