Steve,
Thank you for your response. Let me share some config snippets. IP addresses have been changed for security reasons.

set security nat static rule-set rs1 from zone untrust
set security nat static rule-set rs1 rule Genband match destination-address 2.2.2.2/32
set security nat static rule-set rs1 rule Genband then static-nat prefix 1.1.1.2/32
set security nat static rule-set rs1 rule EX4200 match destination-address 2.2.2.3/32
set security nat static rule-set rs1 rule EX4200 then static-nat prefix 1.1.1.3/32
set security nat proxy-arp interface ge-0/0/3.0 address 2.2.2.2/32
set security nat proxy-arp interface ge-0/0/3.0 address 2.2.2.3/32
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone untrust to-zone trust policy Genband match source-address any
set security policies from-zone untrust to-zone trust policy Genband match destination-address Genband
set security policies from-zone untrust to-zone trust policy Genband match application any
set security policies from-zone untrust to-zone trust policy Genband then permit
set security policies from-zone untrust to-zone trust policy EX4200 match source-address any
set security policies from-zone untrust to-zone trust policy EX4200 match destination-address EX4200
set security policies from-zone untrust to-zone trust policy EX4200 match application any
set security policies from-zone untrust to-zone trust policy EX4200 then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic system-services http
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.0
set security zones security-zone trust interfaces ge-0/0/5.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/5.0 host-inbound-traffic protocols all
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust host-inbound-traffic system-services ssh
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/3.0

As you can see, all 3 elements are there. I would also like to point out that the config for the EX4200 works with no issues. The Genband only breaks when I ssh through the SRX, but even if I ssh to the SRX and then jump to the Genband, it works. So what is it about the NAT that the Genband does not like?

Rick Hopkin
Magna5
Network Reliability Engineering Manager
469.409.1070 office
469.360.4450 mobile
rhopkin@magna5global.com
www.magna5global.com