Good day,
I have an SRX240 with 2 ISPs.
The primary uses PPPoE (pp0.0) and works as expected.
The secondary uses Ethernet with VLAN tagging.
I switched some of the IPsec tunnels to this new connection, and they work fine.
I also want to use destination NAT, but this isn't working.
ge-0/0/15 {
    vlan-tagging;
    unit 9 {
        vlan-id 9;
        family inet {
            address 1.2.3.4/28;
        }
    }
}
The Routing instance
fiber {
    instance-type virtual-router;
    interface ge-0/0/15.9;
    routing-options {
        interface-routes {
            rib-group inet inet-group;
        }
        static {
            route 0.0.0.0/0 next-hop 1.2.3.5;
        }
    }
}
Routing options
interface-routes {
    rib-group inet inet-group;
}
static {
    route 0.0.0.0/0 next-hop pp0.0;
}
rib-groups {
    inet-group {
        import-rib [ inet.0 fiber.inet.0 ];
    }
}
Destination NAT
rule-set untrust {
    from zone untrust;
    rule myserver {
        match {
            destination-address 0.0.0.0/0;
            destination-port 443;
        }
        then {
            destination-nat {
                pool {
                    myserver;
                }
            }
        }
    }
}
rule-set untrust-fiber {
    from zone untrust-fiber;
    rule myserver-fiber {
        match {
            destination-address 0.0.0.0/0;
            destination-port 443;
        }
        then {
            destination-nat {
                pool {
                    myserver;
                }
            }
        }
    }
}
The security policies are identical for untrust and untrust-fiber.
If I connect to the public IP of pp0.0, the webpage shows.
If I connect to the public IP of ge-0/0/15.9, there is no response.
I know the connection is working, since the IPsec is working fine.
What am I missing?