Date: Mon, 17 Dec 2012 13:06:05 +0300
Dears
i have SSG 520 and i am configured VPN site-to-site with Cisco router .
the VPN status is up and both LAN are ping .
siteA : peer ip : 1.1.1.1 local user 192.168.120.10
site B
peer ip 2.2.2.2local user 10.70.12.10
in site to site setup local users on both site are ping
i want know to change in my setup small things , which is change local subnet
in site A to be 10.10.1.10 without any change on site B.
so i need to configure source Nat and destination NAT as below
1- configure source NAT for for new subnet for site A (10.10.1.10 ) -----> to
be NAT to the old subnet (192.168.120.10)
we use DIP for this policy based ==> source : 10.10.1.10
destination : 10.70.12.10 enable source NAT with
DIP which configure up
2- configure destination NAT for the traffic coming from site B and
destination 192.168.120.10 , note : that site B still ask for 192.168.120.10
no VPN changes on site B so the request from site B to Site A as below
source : 10.70.12.10destination : 192.168.120.10 we need to enable Destination
NAT (if destination 192.168.120.10 translate it to 10.10.1.10)
i did all the setup , and configured source NAT and it worked fine but my
problem was in destination NAT it's not working and nothing in policy log.
could you plz advice AS SOON AS POSSIPLE
Best regards
osama hammoudeh
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp