So after tearing my hair out all day over reading examples about NAT, I've finally come up with a configuration I think should work but doesn't fully... Being pretty new to JUNOS, the mess with NAT, JUNOS, JUNOS-ES, pre-9.5 or 9.5 really makes you gasp for breath.
I want to NAT all traffic from 192.168.4.0/24 (in zone trust on interface ge-0/0/3.0) to all other hosts (in zone untrust on interface ge-0/0/2.0), BUT traffic to the same zone/interface but with destination 192.168.0.0/16.
My configuration looks like this:
gustav@dev-j2320# show security
nat {
    source {
        /* rule-set context: ingress ge-0/0/3.0 (trust), egress ge-0/0/2.0 (untrust) */
        rule-set service-net-nat {
            from interface ge-0/0/3.0;
            to interface ge-0/0/2.0;
            /* exception rule, listed first so it is evaluated before the catch-all */
            rule nat-defeat {
                match {
                    source-address 192.168.4.0/24;
                    destination-address 192.168.0.0/16;
                }
                then {
                    source-nat off;
                }
            }
            /* catch-all: everything else from 192.168.4.0/24 is translated to the egress interface address */
            rule service-net-nat {
                match {
                    source-address 192.168.4.0/24;
                }
                then {
                    source-nat interface;
                }
            }
        }
    }
}
zones {
    security-zone trust {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            ge-0/0/3.0;
        }
    }
    security-zone untrust {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            ge-0/0/2.0;
        }
    }
}
policies {
    from-zone trust to-zone untrust {
        policy default-permit {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
    from-zone untrust to-zone trust {
        policy default-permit {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
}
I can see that ALL traffic gets translated, even to the 192.168.0.0/16 subnet; the rule nat-defeat gets zero hits, and so on. How is this possible? What am I missing?
All help kindly appreciated!
#J-Series#2320#9.5#NAT
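Junos evaluates the rules inside a source NAT rule-set top-down and stops at the first match, so an exception rule like nat-defeat only works if it precedes the catch-all, which the posted configuration already gets right. The following is an added example, not code from the original post or from Junos: a small Python model of that first-match evaluation, loaded with the two rules exactly as posted, plus a shadowing check that reports a rule that can never be hit because an earlier rule already matches everything it matches. The flow addresses (192.168.4.10, 192.168.1.5, 10.0.0.1) are constructed for the example. The model only covers address matching inside one rule-set; which rule-set a flow enters is decided by the box from the ingress and egress interface of the flow, which the model does not reproduce.

```python
"""Model of Junos source NAT rule evaluation: first match wins within a rule-set.

Added example, not Junos code and not from the original post. It loads the two
rules of the posted rule-set 'service-net-nat', evaluates constructed flows
against them, and lints for rules shadowed by an earlier, broader rule.
"""
import ipaddress
from typing import List, Optional, Tuple


class SourceNatRule:
    """One 'rule' of a Junos source NAT rule-set (address terms and action only)."""

    def __init__(self, name: str, source: List[str],
                 destination: Optional[List[str]], action: str):
        self.name = name
        self.source = [ipaddress.ip_network(s) for s in source]
        # None models a rule with no destination-address term, i.e. "any".
        self.destination = (None if destination is None
                            else [ipaddress.ip_network(d) for d in destination])
        self.action = action  # "off" or "interface", as in the posted config

    def matches(self, src: str, dst: str) -> bool:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not any(s in n for n in self.source):
            return False
        return self.destination is None or any(d in n for n in self.destination)

    def covers(self, other: "SourceNatRule") -> bool:
        """True if every flow matched by `other` is also matched by this rule."""
        src_ok = all(any(o.subnet_of(n) for n in self.source) for o in other.source)
        if self.destination is None:
            dst_ok = True                      # "any" covers every destination
        elif other.destination is None:
            dst_ok = False                     # a bounded set cannot cover "any"
        else:
            dst_ok = all(any(o.subnet_of(n) for n in self.destination)
                         for o in other.destination)
        return src_ok and dst_ok


def evaluate(rules: List[SourceNatRule], src: str, dst: str) -> Optional[Tuple[str, str]]:
    """Junos semantics inside a rule-set: try rules top-down, first match wins."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.name, rule.action
    return None  # no rule hit: the flow leaves untranslated


def shadowed_rules(rules: List[SourceNatRule]) -> List[str]:
    """Names of rules that can never be hit because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# The two rules exactly as posted, first in the posted order, then reversed.
NAT_DEFEAT = SourceNatRule("nat-defeat", ["192.168.4.0/24"], ["192.168.0.0/16"], "off")
SERVICE_NET_NAT = SourceNatRule("service-net-nat", ["192.168.4.0/24"], None, "interface")
AS_POSTED = [NAT_DEFEAT, SERVICE_NET_NAT]
REVERSED = [SERVICE_NET_NAT, NAT_DEFEAT]

if __name__ == "__main__":
    for dst in ("192.168.1.5", "10.0.0.1"):  # constructed destinations
        print("192.168.4.10 ->", dst, evaluate(AS_POSTED, "192.168.4.10", dst))
    print("shadowed (posted order):", shadowed_rules(AS_POSTED))
    print("shadowed (reversed order):", shadowed_rules(REVERSED))
```

In the posted order the model sends 192.168.4.10 -> 192.168.1.5 to nat-defeat and 192.168.4.10 -> 10.0.0.1 to service-net-nat, and reports nothing shadowed; with the order reversed, nat-defeat is shadowed and every flow is translated. When the live counters disagree with this model, as the post describes, rule order inside the rule-set is not the deciding factor, and the next thing to compare is the rule-set context: whether the flow to 192.168.0.0/16 really leaves via ge-0/0/2.0, which the session entries in `show security flow session` and the per-rule counters in `show security nat source rule all` on the box will show.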