Hi everyone!
I have a problem with a configuration I need to achieve and I wonder if anyone can help me.
UNTRUST: 1 interface with 2 IPs
FW: I have 1 SRX 340
TRUST: 2 devices in trust connected to ge1 and ge2 respectively (same VLAN)
Traffic coming from outside is NATed (NAT)
* See diagram
I have tried with mix mode, setting up ge1 and ge2 as ethernet-switching access mode VLAN XX
and then family inet for the external interface (ge0), vlan-tagged, and assigning two addresses.
Up to here everything is OK, but the problem comes when I need to create NAT or policies and zones, because the SRX says that it can't assign interfaces or policies in different levels (l2, l3).
What would be your recommendation for this configuration?
My configs that won't work:
interfaces {
    ge-0/0/0 {
        vlan-tagging;
        unit 0 {
            vlan-id 200;
            family inet {
                address 20.20.20.10/24;
            }
        }
        unit 1 {
            vlan-id 300;
            family inet {
                address 20.20.21.10/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members VLAN_100;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members VLAN_100;
                }
            }
        }
    }
    irb {
        unit 100 {
            family inet {
                address 10.10.10.1/24;
            }
        }
    }
}
vlans {
    VLAN_100 {
        vlan-id 100;
        l3-interface irb.100;
    }
}
-------------------------------------------
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ VLAN_200 VLAN_300 ];
                }
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members VLAN_100;
                }
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members VLAN_100;
                }
            }
        }
    }
    irb {
        unit 100 {
            family inet {
                address 10.10.10.1/24;
            }
        }
        unit 200 {
            family inet {
                address 20.20.20.10/24;
            }
        }
        unit 300 {
            family inet {
                address 20.20.21.10/24;
            }
        }
    }
}
vlans {
    VLAN_200 {
        vlan-id 200;
        l3-interface irb.200;
    }
    VLAN_100 {
        vlan-id 100;
        l3-interface irb.100;
    }
    VLAN_300 {
        vlan-id 3009;
        l3-interface irb.300;
    }
}
Thank you very much
Kind regards!