> > Anyone have any success in getting a destination-nat on SRX respond to >> ICMP? >> Any tricks to loopback to 127.0.0.1 or anything else? Don't really care >> how, just would like it as an option. >> >> Scott >> > > Hey Scott, > > Can you describe the setup in more detail? Usually NAT is designed to > translate traffic for hosts that are behind the firewall, so the host should > usually be the one to respond to ICMP. Are you talking about doing > destination-NAT to an address located on the SRX itself?
With SRX static-nat, all traffic (all protocols) is forwarded to a specific IP. With SRX destination-nat, a specific protocol (tcp/udp, presumably) is forwarded to a specific IP [and optionally port] There does not appear to be an option in destination-nat to send ICMP to an IP, so that it responds to, for example, ping. Scott _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
