Thanks for the reply , I will try it and feed back ISA BR, Mohammad
On Thu, Oct 24, 2013 at 9:16 AM, Ben Hammadi, Kayssar (NSN - TN/Tunis) < kayssar.ben_hamm...@nsn.com> wrote: > Hi Mohammad, > > You need to add " from routing-instance default" on the normal NAT rule, > it work for me on 10.4 : > > > NSN@TSA3-GIFWA9002# show security nat source rule-set rs-trust_2_untrust > from zone TRUST; > to zone UNTRUST; > rule nat-trust_2_untrust_10_0 { > match { > source-address " lo0 " ; > } > then { > source-nat { > pool { > internet-pool; > } > } > } > } > > set security nat source rule-set Jtac from routing-instance default > > Br. > > BEN HAMMADI Kayssar > > NOKIA SIEMENS NETWORKS > Lead Engineer -BroadBand Connectivity > JNCIE-M (#471), JNCIE-SP (#1147), CCIP > Mobile : +216 29 349 952 / +216 98 349 952 > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp