The policy looks good, but your NAT isn't translating. You have 0 translation hits. Your destination address is never changed to 192.169.1.214 which is why your policy is never invoked. Is 192.168.1.214 reachable from the SRX? I would say check previous NAT rules, but the position of this one is 1.
-Ben

On Tue, Jun 22, 2010 at 1:00 PM, Brendan Mannella <bmanne...@teraswitch.com> wrote:
> Ok, I updated the address book from "." to "_"
>
> Below is the output of the commands. I haven't had a chance to retest with
> the updated address book to see if that does it; I will let you know. The
> NAT and policies look ok..
>
>
> r...@srx210> show security nat static rule all
> Total static-nat rules: 58
>
> Static NAT rule: 51 Rule-set: static
> Rule-Id : 1
> Rule position : 1
> From zone : untrust
> Destination addresses : 111.111.111.214 (external public ip)
> Host addresses : 192.168.1.214
> Netmask : 255.255.255.255
> Host routing-instance : N/A
> Translation hits : 0
>
>
>
>
> r...@srx210> show security policies detail
> Default policy: deny-all
> Policy: trust-to-untrust, action-type: permit, State: enabled, Index: 4
> Sequence number: 1
> From zone: trust, To zone: untrust
> Source addresses:
> any: 0.0.0.0/0
> Destination addresses:
> any: 0.0.0.0/0
> Application: any
> IP protocol: 0, ALG: 0, Inactivity timeout: 0
> Source port range: [0-0]
> Destination port range: [0-0]
>
>
> Policy: 240-214, action-type: permit, State: enabled, Index: 5
> Sequence number: 1
> From zone: untrust, To zone: trust
> Source addresses:
> any: 0.0.0.0/0
> Destination addresses:
> 192_168_1_214: 192.168.1.214/32
> Application: rdp
> IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
> Source port range: [0-0]
> Destination port range: [3389-3389]
> Application: junos-dns-udp
> IP protocol: udp, ALG: dns, Inactivity timeout: 60
> Source port range: [0-0]
> Destination port range: [53-53]
> Application: junos-ftp
> IP protocol: tcp, ALG: ftp, Inactivity timeout: 1800
> Source port range: [0-0]
> Destination port range: [21-21]
> Application: junos-http
> IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
> Source port range: [0-0]
> Destination port range: [80-80]
> Application: junos-https
> IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
> Source port range: [0-0]
> Destination port range: [443-443]
> Application: junos-ms-sql
> IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
> Source port range: [0-0]
> Destination port range: [1433-1433]
> Session log: at-create, at-close
>
>
>
_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
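
The check made in the reply above (a static NAT rule with 0 translation hits, set against the policy that matches its translated host address), as an added Python example that is not part of the original thread. The sample text is constructed and abridged from the output quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the command output quoted in the thread.
NAT_OUTPUT = """\
Static NAT rule: 51 Rule-set: static
 Destination addresses : 111.111.111.214
 Host addresses : 192.168.1.214
 Translation hits : 0
Static NAT rule: 52 Rule-set: static
 Destination addresses : 111.111.111.215
 Host addresses : 192.168.1.215
 Translation hits : 37
"""
POLICY_OUTPUT = """\
Policy: 240-214, action-type: permit, State: enabled, Index: 5
 Source addresses:
  any: 0.0.0.0/0
 Destination addresses:
  192_168_1_214: 192.168.1.214/32
"""

def parse_nat_rules(text):
    """One dict of 'field : value' pairs per 'Static NAT rule' block."""
    blocks = re.split(r"(?=Static NAT rule:)", text)
    field = re.compile(r"^\s*([A-Za-z][\w\- ]*?)\s*:\s*(\S+)", re.M)
    return [dict(field.findall(b)) for b in blocks if b.startswith("Static NAT rule:")]

def policy_destinations(text):
    """Map policy name -> IPs listed under its 'Destination addresses:' section."""
    result = {}
    for block in re.split(r"(?=^Policy: )", text, flags=re.M):
        name = re.match(r"Policy: ([^,]+),", block)
        dests = re.search(r"Destination addresses:\n((?:[ \t]+\S+: [\d.]+/\d+\n)+)", block)
        if name:
            result[name.group(1)] = set(re.findall(r"([\d.]+)/\d+", dests.group(1))) if dests else set()
    return result

def diagnose(nat_text, policy_text):
    """For each static NAT rule with 0 hits, list policies that match its host address."""
    policies = policy_destinations(policy_text)
    findings = []
    for rule in parse_nat_rules(nat_text):
        if int(rule["Translation hits"]) == 0:
            host = rule["Host addresses"]
            covered = sorted(p for p, ips in policies.items() if host in ips)
            findings.append((rule["Static NAT rule"], rule["Destination addresses"], host, covered))
    return findings

if __name__ == "__main__":
    print(diagnose(NAT_OUTPUT, POLICY_OUTPUT))
```

A zero-hit rule whose host address is already covered by a policy means the traffic is not reaching or matching the NAT rule, so the policy is not where to look.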