Hi Mohammad, You need to add " from routing-instance default" on the normal NAT rule, it work for me on 10.4 :
NSN@TSA3-GIFWA9002# show security nat source rule-set rs-trust_2_untrust from zone TRUST; to zone UNTRUST; rule nat-trust_2_untrust_10_0 { match { source-address " lo0 " ; } then { source-nat { pool { internet-pool; } } } } set security nat source rule-set Jtac from routing-instance default Br. BEN HAMMADI Kayssar NOKIA SIEMENS NETWORKS Lead Engineer -BroadBand Connectivity JNCIE-M (#471), JNCIE-SP (#1147), CCIP Mobile : +216 29 349 952 / +216 98 349 952 _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp