Re: [j-nsp] NAT

GIULIANO (UOL) Wed, 18 Jun 2008 12:30:57 -0700

Manu,

You can try some script like:


services {
    nat {
        pool external {
            address-range low 200.204.x.a high 200.204.5.x.f;
            port automatic;
        }
        rule internet {
            match-direction output;
            term internet {
                from {
                    source-address {
                        192.168.5.0/24;
                    }
                }
                then {
                    translated {
                        source-pool external;
                        translation-type {
                            source dynamic;
                        }
                    }
                }
            }
            term all {
                from {                <------ Introduce the APP for MGT
                    source-address {
                        any-unicast;
                    }
                }
                then {
                    no-translation;
                }
            }
        }
    }
    service-set internet {
        nat-rules internet;
        interface-service {
            service-interface sp-0/0/0;
        }
    }
}


http://www.wztech.com.br/config/junos-nat-internet

It's possible...

Let's see your stateful-firewall rules...

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
On Wed, Jun 18, 2008 at 2:17 PM, Manu Chao <[EMAIL PROTECTED]> wrote:

Hello,

I have configured Source NAT on a J router by using the public WAN IP for
the NAT pool range.
NAT work fine but i can no longer manage my router from the public
network...

Questions:
How can i correct my NAT configuration in order to manage my router with
the
same IP than the NAT POOL?
Is it possible or need i an additionnal public IP?

Here is my configuration:

interfaces {
   ge-/0/0/0 {
       description WAN;
       unit 0 {
           family inet {
               service {
                   input {
                       service-set jweb-wan-sfw-service-set;
                   }
                   output {
                       service-set jweb-wan-sfw-service-set;
                   }
               }
               address 1.1.1.1/24;

services {

   service-set jweb-wan-sfw-service-set {
       stateful-firewall-rules jweb-sfw-to-wan;
       stateful-firewall-rules jweb-sfw-from-wan;
       nat-rules jweb-nat-to-wan;
       interface-service {
           service-interface sp-0/0/0;
       }

   nat {
       pool jweb-nat-pool {
           address-range 1.1.1.1/32;
           port automatic;
       }
       rule jweb-nat-to-wan {
           match-direction output;
           term jweb-nat-term {
               then {
                   translated {
                       source-pool jweb-nat-pool;
                       translation-type {
                           source dynamic;


Any help will be appreciated!!!!

Regards,
Manu
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

__________ Information from ESET NOD32 Antivirus, version of virus signature 
database 3198 (20080618) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] NAT

Reply via email to