I've got two srx3400 clusters that disagree with you about proxy-arp. :)

Scott

On Wed, Mar 2, 2011 at 7:50 PM, Daniel M Daloia Jr <daniel.dal...@yahoo.com> wrote:

> Almost positive that proxy-arp is required for NAT on the SRX series if the
> destination address is not assigned to the interface. Not in front of my
> gear now, but can lab it out tomorrow. As for the static NAT, two lines are
> necessary.
>
> -Dan
>
>
> ----- Original Message -----
> From: Scott T. Cameron <routeh...@gmail.com>
> To: juniper-nsp@puck.nether.net
> Cc:
> Sent: Wednesday, March 2, 2011 7:12 PM
> Subject: Re: [j-nsp] SRX Static NAT
>
> You should only need proxy-arp if your particular routing scenario requires
> it. If all the IPs that you are answering for are routed to you, then
> there's no need for proxy-arp.
>
> However, you'll still require 2 lines per static nat. One for the match,
> and one for the action.
>
> Scott
>
> On Wed, Mar 2, 2011 at 7:05 PM, Bill Blackford <bblackf...@gmail.com>
> wrote:
>
> > I am looking for a more efficient method to define/map several
> > scattered/non-contiguous static NATS. I can use pools to map ranges
> > for end user blocks, but this need is for publishing services
> > (servers) globally on a one by one basis.
> >
> > ex.,
> >
> > using the following method, I would need to make a separate rule and a
> > proxy-arp address for each one-to-one snat.
> >
> > <snip>
> > static {
> >     rule-set SNAT1 {
> >         from interface ge-0/0/0.0;
> >         rule SNAT-TEST0 {
> >             match {
> >                 destination-address 66.x.y.6/32;
> >             }
> >             then {
> >                 static-nat prefix 192.168.1.65/32;
> >             }
> >         }
> >         rule SNAT-TEST1 {
> >             match {
> >                 destination-address 66.x.y.18/32;
> >             }
> >             then {
> >                 static-nat prefix 192.168.13.67/32;
> >             }
> >         }
> >     }
> > }
> > proxy-arp {
> >     interface ge-0/0/0.0 {
> >         address {
> >             66.x.y.6/32;
> >             66.x.y.18/32;
> >         }
> >     }
> > }
> > </snip>
> >
> > I remember doing a single line in ScreenOS unless my recollection is off.
> >
> > On the Cisco ASA/PIX, it's a single line 'static (inside,outside)
> > ....' statement.
> >
> > Is there an equivalently efficient method on the SRX?
> >
> > Thank you in advance for any input.
> >
> > -b
> >
> >
> > --
> > Bill Blackford
> > Network Engineer
> >
> > Logged into reality and abusing my sudo privileges.....
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
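
An added example, not code from any poster in this thread: a small generator that turns a list of one-to-one mappings into the two `set` lines per static NAT rule discussed above, and emits a proxy-arp entry only for a public address that sits inside the interface's own subnet without being the interface address. The on-link test is this example's assumption about when an upstream device will ARP for the address; the function name, the `/28` interface address and the documentation-range public addresses are constructed, since the thread's addresses are redacted.

```python
import ipaddress


def static_nat_config(mappings, interface, interface_cidr, rule_set="SNAT1"):
    """Return Junos 'set' lines for one-to-one static NAT (IPv4 only).

    mappings       -- list of (rule_name, public_ip, private_ip) tuples
    interface_cidr -- address/prefix configured on `interface` (assumption:
                      a single IPv4 address on the unit)
    """
    iface = ipaddress.IPv4Interface(interface_cidr)
    base = f"set security nat static rule-set {rule_set}"
    nat_lines = [f"{base} from interface {interface}"]
    arp_lines = []
    seen = set()
    for name, public, private in mappings:
        pub = ipaddress.IPv4Address(public)    # raises on malformed input
        priv = ipaddress.IPv4Address(private)
        if pub in seen:
            raise ValueError(f"public address {pub} mapped twice")
        seen.add(pub)
        # Two lines per rule: one for the match, one for the action.
        nat_lines.append(f"{base} rule {name} match destination-address {pub}/32")
        nat_lines.append(f"{base} rule {name} then static-nat prefix {priv}/32")
        # Assumption: an address in the interface subnet that is not the
        # interface's own address is reached by ARP, so it needs proxy-arp.
        # An address outside the subnet is taken to be routed to the device.
        if pub in iface.network and pub != iface.ip:
            arp_lines.append(
                f"set security nat proxy-arp interface {interface} address {pub}/32"
            )
    return nat_lines + arp_lines


# Constructed sample: first public address is on-link, second is routed.
SAMPLE = [
    ("SNAT-TEST0", "203.0.113.6", "192.168.1.65"),
    ("SNAT-TEST1", "198.51.100.18", "192.168.13.67"),
]

if __name__ == "__main__":
    for line in static_nat_config(SAMPLE, "ge-0/0/0.0", "203.0.113.1/28"):
        print(line)
```
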