Junos OS

hello guys, what's the equivalent of MIP (Netscreen OS) in JunOS?

I had this config, not sure if this is correct.

NetScreen command:

set interface "ethernet3" mip 5.5.17.29 host 192.168.1.29 netmask 255.255.255.255 vr "trust-vr"

---------

 set rule-set unTrustx1 from zone untrust

 set rule-set unTrustx1 rule rulex1 match destination-address 5.5.17.29/32
 set rule-set unTrustx1 rule rulex1 then static-nat prefix 192.168.1.29/32

 set security nat proxy-arp interface ge-0/0/0.0 address 5.5.17.29/32

 set address ethernet3 192.168.1.29/32

Thank you for any help.

Hi JJJCR,

The equivalent of MIP in SRX is static NAT which is bidirectional NAT.

The configuration you have pasted here is correct.

You only need the proxy arp if the traffic coming on for the NAt is in the same subnet as the ip on the SRX interface.

You will find the below kb useful;

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21785

You may also find the below link useful for understanding Static NAt;

http://www.juniper.net/documentation/en_US/junos12.2/topics/example/nat-security-static-single-address-translation-configuring.html

hi ssn, good point about the proxy-arp.

But what if I don't need the proxy arp or the incoming traffic to NAT is not the same subnet as the IP on the SRX interface, what should be the command?

Thank you.

Hi JJJCR,

There would be no requirement for any command as such.

The upstream device should be aware of senduing the traffic related to this traffic to SRX.

That is, the default route should point to the SRX.

As soon as the traffic will hit the SRX , the NAT lookup will happen and convert it to the internal ip which will already have route/policy configured for this traffic and accordingly the traffic will be forwarded.

Hi ssn, thanks for the update. Yes I also notice for every example I found on Juniper website always has the proxy-arp on the command.

Thank you.

You're welcome!!!

The examples you may have seen could be having the conditions I mentioned.