Hello Folks,

I am configuring a cluster of SRX240s running 11.1R3.5 for destination NAT.

Simply, a device in the DMZ zone on a private IP address listening on port 22 
needs to be reachable from the untrust zone on port 22.

    destination {
        pool wilderness {
            address 172.16.253.10/32 port 22;
        }
        rule-set incoming-connections {
            from interface reth0.352;
            rule port-forward {
                match {
                    destination-address 88.94.205.5/32;
                    destination-port 22;
                }
                then {
                    destination-nat pool wilderness;
                }
            }
        }
    }
    proxy-arp {
        interface reth0.352 {
            address {
                88.94.205.5/32;
            }
        }
    }

I think this looks OK, but when I commit I get this error:

    error: The number of destination NAT pools exceeds limit of 0
    [edit security nat destination rule-set incoming-connections rule port-forward then destination-nat]
      'pool'
         failed to get pool (wilderness)
    error: configuration check-out failed


Does anybody know what's happening here?

Thanks,
Leigh Porter
UK Broadband

