Post by sameer mughal
Thanks Ola.
Actually, I want to do this NAT through the interface.
Scenario: public IP /32 on interface and private IP belongs to my LAN segment.
Please advise.
Isn't that about exactly what the Juniper-example does?
set security nat static rule-set MY-RULE-SET from zone untrust
set security nat static rule-set MY-RULE-SET rule RULE1 match destination-address 202.101.83.50/32
set security nat static rule-set MY-RULE-SET rule RULE1 then static-nat prefix 10.10.10.80/32
If 202.101.83.50 is set on the wan-interface, you do not need proxy-arp.
Adjust security-policies as needed:
set security policies from-zone trust to-zone untrust policy permit-all match source-address 10.10.10.80
set security policies from-zone trust to-zone untrust policy permit-all match destination-address any
set security policies from-zone trust to-zone untrust policy permit-all match application any
set security policies from-zone trust to-zone untrust policy permit-all then permit
set security policies from-zone untrust to-zone trust policy server-access match source-address any
set security policies from-zone untrust to-zone trust policy server-access match destination-address 10.10.10.80
set security policies from-zone untrust to-zone trust policy server-access match application any
set security policies from-zone untrust to-zone trust policy server-access then permit
Of course you also need to modify the name of your security zones and
rule-sets and rules to suit your setup.
Post by sameer mughal
Hi,
Can anyone help me to configure static NAT bidirectional?
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-nat-static.html
Rgds.
Ola Thoresen
nLogic AS
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
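An added example, not part of the original thread: on SRX the static NAT rewrite of the destination happens before the security policy lookup, which is why the inbound policy in the reply matches 10.10.10.80 rather than 202.101.83.50. The Python sketch below parses the thread's `set` commands (wrapped lines rejoined) and flags inbound permit policies that name the pre-NAT address or allow every application to the translated host. The function name `audit` and the wording of the findings are assumptions of this example.

```python
# Added example: audit Junos "set" commands for static-NAT exposure.
# CONFIG is a constructed sample built from the commands quoted in the thread.
CONFIG = """\
set security nat static rule-set MY-RULE-SET from zone untrust
set security nat static rule-set MY-RULE-SET rule RULE1 match destination-address 202.101.83.50/32
set security nat static rule-set MY-RULE-SET rule RULE1 then static-nat prefix 10.10.10.80/32
set security policies from-zone untrust to-zone trust policy server-access match source-address any
set security policies from-zone untrust to-zone trust policy server-access match destination-address 10.10.10.80
set security policies from-zone untrust to-zone trust policy server-access match application any
set security policies from-zone untrust to-zone trust policy server-access then permit
"""

def audit(config):
    """Return (policy, nat_rule, reason) tuples for risky inbound policies."""
    zones, nat, pols = {}, {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[:5] == ["set", "security", "nat", "static", "rule-set"]:
            if w[6:8] == ["from", "zone"]:
                zones[w[5]] = w[8]                      # rule-set -> ingress zone
            elif w[8:10] == ["match", "destination-address"]:
                nat.setdefault((w[5], w[7]), {})["public"] = w[10].split("/")[0]
            elif w[8:11] == ["then", "static-nat", "prefix"]:
                nat.setdefault((w[5], w[7]), {})["private"] = w[11].split("/")[0]
        elif w[:3] == ["set", "security", "policies"] and len(w) >= 11:
            pol = pols.setdefault((w[4], w[6], w[8]), {})
            if w[9] == "match":
                pol.setdefault(w[10], set()).add(w[11].split("/")[0])
            elif w[9] == "then":
                pol["action"] = w[10]
    findings = []
    for (rule_set, rule), n in sorted(nat.items()):
        for (from_zone, _to_zone, name), p in sorted(pols.items()):
            # Only permit policies entering from the rule-set's zone matter here.
            if from_zone != zones.get(rule_set) or p.get("action") != "permit":
                continue
            dst = p.get("destination-address", set())
            if n.get("public") in dst:
                # Policy lookup sees the translated address, so this never matches.
                findings.append((name, rule, f"destination is the pre-NAT address {n['public']}"))
            if (n.get("private") in dst or "any" in dst) and "any" in p.get("application", set()):
                findings.append((name, rule, f"every application permitted to {n.get('private')}"))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

Narrowing `match application any` in the inbound policy to the services the server actually offers clears the second finding.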