You would assign a VLAN for the internal /24 subnet and then determine whether you want to have multiple ports on the SRX assigned to this or just a single port that is connecting to a downstream switch.
With multiple ports, these all get assigned to the VLAN and then an irb interface is created as the layer 3 gateway of the subnet.
With a single port, you simply configure that port as layer three for the gateway.
Once the layer 3 interface is created, it needs to be added to a zone for security and NAT policy to be created.
With the NAT policy, you write a policy from that internal zone to the existing WAN link zone with a source NAT interface policy.
Then a security policy, either allow all or a set of policies to restrict traffic, is created from the internal zone to the WAN interface zone for outbound initiated traffic. The NAT will then apply to any traffic that is permitted by policy.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------
Original Message:
Sent: 03-24-2023 16:31
From: LAVEL BURCH
Subject: One External Physical Port Two IPs
I am utilizing an SRX 380. The SRX currently has a /30 IP that is only routable across the Agency WAN. I am being assigned a /24 for backend devices that need access to the internet. The backend IP space is RFC 1918 that gets nat'd to the /30. There is a BGP peering between the /30 IP and the uplink. What is the best route to allow backend devices to utilize the /24 with the one uplink?
------------------------------
LAVEL BURCH
------------------------------
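
The steps described in the reply above, as an added Junos configuration sketch for the multiple-port (irb) case with a restricted outbound policy. It is not part of the original thread. The port names, VLAN ID, zone names (`backend`, `wan`), the 10.10.10.0/24 subnet and the permitted applications are all assumptions to be replaced with local values.

```junos
# Assumed values throughout: ge-0/0/2 and ge-0/0/3 as backend ports,
# VLAN 100, 10.10.10.0/24 as the backend subnet, "wan" as the existing
# zone that holds the /30 uplink interface.

# VLAN with an irb interface as the layer 3 gateway of the subnet
set vlans BACKEND vlan-id 100
set vlans BACKEND l3-interface irb.100
set interfaces irb unit 100 family inet address 10.10.10.1/24

# Backend access ports assigned to the VLAN
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members BACKEND
set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members BACKEND

# Single-port alternative: skip the VLAN and irb and put the gateway
# address directly on the port, then place that unit in the zone instead:
#   set interfaces ge-0/0/2 unit 0 family inet address 10.10.10.1/24

# Layer 3 interface added to a security zone
set security zones security-zone backend interfaces irb.100

# Source NAT: backend zone to wan zone, translated to the egress interface address
set security nat source rule-set backend-to-wan from zone backend
set security nat source rule-set backend-to-wan to zone wan
set security nat source rule-set backend-to-wan rule backend-snat match source-address 10.10.10.0/24
set security nat source rule-set backend-to-wan rule backend-snat then source-nat interface

# Restricted outbound policy: only the backend subnet, only named applications
set security address-book global address backend-net 10.10.10.0/24
set security policies from-zone backend to-zone wan policy backend-web match source-address backend-net
set security policies from-zone backend to-zone wan policy backend-web match destination-address any
set security policies from-zone backend to-zone wan policy backend-web match application junos-dns-udp
set security policies from-zone backend to-zone wan policy backend-web match application junos-http
set security policies from-zone backend to-zone wan policy backend-web match application junos-https
set security policies from-zone backend to-zone wan policy backend-web then permit

# Explicit logged deny so blocked outbound attempts are visible in the logs
set security policies from-zone backend to-zone wan policy backend-deny match source-address any
set security policies from-zone backend to-zone wan policy backend-deny match destination-address any
set security policies from-zone backend to-zone wan policy backend-deny match application any
set security policies from-zone backend to-zone wan policy backend-deny then deny
set security policies from-zone backend to-zone wan policy backend-deny then log session-init
```

After commit, `show security nat source rule all` and `show security flow session source-prefix 10.10.10.0/24` show whether permitted sessions are matching the NAT rule.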