On 7/11/2011 6:31 PM, Scott T. Cameron wrote:
With SRX static-nat, all traffic (all protocols) is forwarded to a
specific IP.
With SRX destination-nat, a specific protocol (tcp/udp, presumably) is
forwarded to a specific IP [and optionally port]
There does not appear to be an option in destination-nat to send ICMP to
an IP, so that it responds to, for example, ping.
Unless you are doing port translation, simply matching on
destination-address in your match statement and then specifying the
translated address in your then statement should do the trick. You may
need to enable proxy-arp in your environment if the ingress IP
(pre-translated) is a different address than the interface IP, but other
than that you shouldn't need to do anything fancy to enable ping traffic
to flow through...
Sorry I don't have access to a device at the moment to give you a
working config... can we see your configs in the meantime?
Stefan Fouant
JNCIE-ER #70, JNCIE-M #513, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
