Hi
I have 2 interfaces set up. ge-0/0/1 is where most of my network servers are. When some devices go from ge-0/0/1 to ge-0/0/2, I need them to appear to be coming from a 10.1.1.0 address. I also need traffic from devices on ge-0/0/2 to specific 10.1.1.x addresses to be sent to ge-0/0/1 and to a 192.168.1.x device.
Interface ge-0/0/1 = 192.168.1.0/24 inside_lan
Server A = 192.168.1.100 alias to be set on srx = 10.1.1.220
Server B = 192.168.1.101 alias to be set on srx = 10.1.1.221
Interface ge-0/0/2 = 10.1.1.0/24 inside_lan2
Server C = 10.1.1.200
Server D = 10.1.1.201
So if Server A sent traffic to Server C, I would want a flow like:
192.168.1.100 on ge-0/0/1 > Translate 192.168.1.100 to 10.1.1.220 > ge-0/0/2 > 10.1.1.200
Server C would believe that it was receiving traffic from 10.1.1.220. So the reverse would also need to be in place for when Server C tries to contact Server A.
10.1.1.200 ge-0/0/2 > Translate 10.1.1.220 to 192.168.1.100 > ge-0/0/1 > 192.168.1.100
I think this can all be done in NAT rules, something like the below?
    nat {
        static {
            rule-set inside_lan2 {
                from zone inside_lan2;
                rule 1 {
                    description SIP1;
                    match {
                        destination-address 10.1.1.220/32;
                    }
                    then {
                        static-nat {
                            prefix {
                                192.168.1.100/32;
                            }
                        }
                    }
                }
            }
        }
    }
As for the policy, I currently have the policy below, but I think I need to put zone inside_lan2 in here as well?
    policy inside-zone-outbound {
        match {
            source-address any;
            destination-address any;
            application any;
            from-zone inside_lan;
        }
        then {
            permit;
        }
    }
Please be gentle, I'm a newbie!
#JUNOS#SRX#NAT
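
An added example, not part of the original post: one way to express the mapping described above as Junos `set` commands, covering both server aliases, the ARP handling for them, and a policy in each direction. It assumes unit 0 on ge-0/0/2 and that both interfaces are already bound to the zones inside_lan and inside_lan2; the rule names, address-book names and the second policy name are hypothetical.

```junos
# Added example; rule, address-book and second policy names are hypothetical.
# Static NAT is bidirectional: sessions from inside_lan2 to 10.1.1.220 are sent
# to 192.168.1.100, and sessions started by 192.168.1.100 toward inside_lan2
# leave with source 10.1.1.220.
set security nat static rule-set inside_lan2 from zone inside_lan2
set security nat static rule-set inside_lan2 rule server-a match destination-address 10.1.1.220/32
set security nat static rule-set inside_lan2 rule server-a then static-nat prefix 192.168.1.100/32
set security nat static rule-set inside_lan2 rule server-b match destination-address 10.1.1.221/32
set security nat static rule-set inside_lan2 rule server-b then static-nat prefix 192.168.1.101/32

# The aliases sit inside the ge-0/0/2 subnet, so the SRX has to answer ARP
# for them on that interface (unit 0 is assumed).
set security nat proxy-arp interface ge-0/0/2.0 address 10.1.1.220/32 to 10.1.1.221/32

# Address-book entries for the real server addresses.
set security address-book global address server-a 192.168.1.100/32
set security address-book global address server-b 192.168.1.101/32

# inside_lan -> inside_lan2: the any/any permit from the post, bound to a zone pair.
set security policies from-zone inside_lan to-zone inside_lan2 policy inside-zone-outbound match source-address any
set security policies from-zone inside_lan to-zone inside_lan2 policy inside-zone-outbound match destination-address any
set security policies from-zone inside_lan to-zone inside_lan2 policy inside-zone-outbound match application any
set security policies from-zone inside_lan to-zone inside_lan2 policy inside-zone-outbound then permit

# inside_lan2 -> inside_lan: static NAT rewrites the destination before the
# policy lookup, so this policy matches the real 192.168.1.x addresses and
# permits only the two translated servers.
set security policies from-zone inside_lan2 to-zone inside_lan policy lan2-to-servers match source-address any
set security policies from-zone inside_lan2 to-zone inside_lan policy lan2-to-servers match destination-address server-a
set security policies from-zone inside_lan2 to-zone inside_lan policy lan2-to-servers match destination-address server-b
set security policies from-zone inside_lan2 to-zone inside_lan policy lan2-to-servers match application any
set security policies from-zone inside_lan2 to-zone inside_lan policy lan2-to-servers then permit
```

After commit, `show security nat static rule all` reports translation hits per rule and `show security flow session` shows the original and translated addresses for each session.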