Hello Folks, I am configuring a cluster of SRX240s running 11.1R3.5 for destination NAT.
Simply, a device in the DMZ zone on a private IP address listening on port 22 needs to be reachable from the untrust zone on port 22.

    destination {
        pool wilderness {
            address 172.16.253.10/32 port 22;
        }
        rule-set incoming-connections {
            from interface reth0.352;
            rule port-forward {
                match {
                    destination-address 88.94.205.5/32;
                    destination-port 22;
                }
                then {
                    destination-nat pool wilderness;
                }
            }
        }
    }
    proxy-arp {
        interface reth0.352 {
            address {
                88.94.205.5/32;
            }
        }
    }

I think this looks OK, but when I commit I get this error:

    error: The number of destination NAT pools exceeds limit of 0
    [edit security nat destination rule-set incoming-connections rule port-forward then destination-nat]
      'pool'
        failed to get pool (wilderness)
    error: configuration check-out failed

Does anybody know what's happening here?

Thanks,
Leigh Porter
UK Broadband

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp