Thank you for your reply. Here is my configuration. The user VLAN and the mail server use the same default route to the Internet.
I will run the flow trace and post an update soon.
super@BB6-RTN01# show security nat static
# Static NAT for the mail server: packets entering from zone untrust with
# destination 121.89.40.105 are translated to 172.22.0.10.
# Static NAT maps the whole address (every port and protocol), so what is
# reachable from outside is decided only by the untrust-to-trust policy.
rule-set C42-static-mail {
from zone untrust;
rule rule1 {
match {
destination-address 121.89.40.105/32;
}
then {
# Policy lookup runs after this translation, so the security policy has to
# match the private address 172.22.0.10, not the public one.
static-nat prefix 172.22.0.10/32;
}
}
}
super@BB6-RTN01# show routing-options static
# NOTE(review): the NAT target 172.22.0.10 lies inside 172.16.0.0/12, which is
# discarded here. The server is reachable only if a more specific route (for
# example the directly connected subnet on an ae2 unit) exists -- not visible
# in this output; confirm with "show route 172.22.0.10".
route 172.16.0.0/12 discard;
# Default route with two candidate next hops. The lower metric wins, so pp0.0
# is preferred and pp0.4 is the fallback.
# NOTE(review): which pp0 unit the 121.89.40.105 address is delivered on is not
# shown; confirm that replies from the server leave on that same unit.
route 0.0.0.0/0 {
qualified-next-hop pp0.0 {
metric 5;
}
qualified-next-hop pp0.4 {
metric 10;
}
}
super@BB6-RTN01# show security zones security-zone trust
# Zone trust, as returned by the first "show security zones security-zone trust".
# tcp-rst: a non-SYN TCP segment that matches no existing session is answered
# with a reset.
# No host-inbound-traffic statement appears in this output.
# NOTE(review): the second paste of this same command shows an address-book and
# no interfaces, so at least one of the two outputs looks trimmed.
tcp-rst;
interfaces {
ae2.100;
ae2.200;
}
super@BB6-RTN01# show security zones security-zone untrust
# Zone untrust: the five PPPoE logical interfaces pp0.0 - pp0.4.
# "inactive:" means the statement is deactivated and ignored at commit, so the
# untrust-screen profile is NOT applied to traffic entering this zone.
# NOTE(review): reactivate the screen unless it was disabled only for this
# troubleshooting session.
inactive: screen untrust-screen;
# Services the device itself accepts on every interface of this zone (no
# per-interface override is shown).
host-inbound-traffic {
system-services {
ping;
ssh;
# NOTE(review): telnet carries the login in cleartext and is enabled here on the
# zone that holds the PPPoE uplinks. Remove it, and limit ssh to known
# management sources (for example with a firewall filter on lo0).
telnet;
}
}
interfaces {
pp0.0;
pp0.1;
pp0.2;
pp0.3;
pp0.4;
}
super@BB6-RTN01# show interfaces pp0
# PPPoE client interface pp0, unit 0. Only unit 0 appears in this paste although
# pp0.1 - pp0.4 are referenced by the untrust zone and pp0.4 by the default
# route; presumably the other units were omitted -- confirm.
unit 0 {
ppp-options {
# PAP sends the name and password to the peer without encryption.
pap {
access-profile PPPoE;
local-name ftthxxxx;
# NOTE(review): a "$9$" string is Junos' reversible obfuscation, not a hash.
# Treat the value below as disclosed: change the PPPoE password with the
# provider, and replace such strings with a placeholder before posting a
# configuration.
local-password "$9$gu4GDjHqzn/5T/tp0cSYgoaGikqm"; ## SECRET-DATA
# passive: answer authentication requests from the peer, do not demand
# authentication from it.
passive;
}
}
pppoe-options {
# The PPPoE session runs over ge-4/0/0.0.
underlying-interface ge-4/0/0.0;
# 0 = never tear the session down for inactivity.
idle-timeout 0;
# Wait 10 seconds before re-establishing a dropped session.
auto-reconnect 10;
client;
}
family inet {
# The IPv4 address is obtained from the PPP peer rather than configured.
negotiate-address;
}
}
super@BB6-RTN01# show security policies from-zone trust to-zone untrust
# Outbound policy trust -> untrust: every source, destination and application
# is permitted.
# No "log" statement is present under "then", so sessions allowed by this policy
# leave no policy log entries.
# NOTE(review): adding "log session-init" / "log session-close" gives the flow
# trace a policy-level record to compare against.
policy permit-all {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
super@BB6-RTN01# show security policies from-zone untrust to-zone trust
# Inbound policy untrust -> trust for the statically NATed mail server.
# server1 is the translated (private) address 172.22.0.10 from the trust zone
# address book, which is what the policy sees after static NAT.
policy static-mail {
match {
source-address any;
destination-address server1;
# NOTE(review): with "any", every port on the server is exposed to the Internet
# through the static NAT. Restrict this to the mail services actually offered
# (for example junos-smtp) and let everything else fall to the default deny.
application any;
}
then {
# No "log" statement: permitted inbound sessions are not logged by the policy.
permit;
}
}
super@BB6-RTN01# show security zones security-zone trust
# Second paste of "show security zones security-zone trust": this one shows the
# zone address book instead of the interface list.
tcp-rst;
address-book {
# server1 is the same host the static NAT rule translates 121.89.40.105 to, and
# the name the untrust-to-trust policy uses as its destination.
address server1 172.22.0.10/32;
}