
How to NAT whole /24 subnet with /24 subnet with single IP?


    Posted 11-08-2022 10:24
    I have configured a Site-to-Site VPN between our organization's FW (SRX345) and the AWS cloud end. The tunnel is established successfully.
    Now, the case is that at our site, after the Corp FW, we do not allow external subnets inside the LAN; we only advertise 10.0.0.0/8. To do so we need to do NATting on the Corp VPN FW, in this case the Juniper SRX345, with any free IP in the 10.232.14.0/24 & 10.232.15.0/24 range. We have already done the static NAT for one-to-one NATting.
    Now the issue is, the customer on the AWS side wants his whole /24 subnet to communicate with our 6 LAN-side /24 subnets & vice versa.
    So I am not sure how we can do the NATting on the SRX345, or whether we need to use one single IP from the above range, or whether we need static NATting for each IP address.
    So please let me know if anyone has an opinion on this.
    Below are the local & remote subnets.
    LAN side subnets:
      10.233.200.0/24
      10.233.206.0/24
      10.233.207.0/24
      10.233.208.0/24
      10.233.209.0/24
      10.233.210.0/24
    Customer side subnet: 10.101.0.0/24


    ------------------------------
    Umesh Sarode
    ------------------------------