No, those source nat rules should have no effect on you problem. When the
inbound traffic matches (hopefully) the requirements, a complete flow is set
up. The return traffic automatically gets the proper nat handling to match the
inbound traffic. The outbound traffic will use source NAT that matches the
inbound destination NAT.
The source NAT rules you showed only affect traffic initiate from the trust
zone, exiting to the untwist zone.
Your problem is unfortunately somewhere else.
Do you get a session set up at all (could be a problem at the target host)?
show security flow session destination-prefix 24.173.164.162/32
destination-port 3333
It can be helpful to trace the flow setup to see if there is any traffic at
all, and where it fails.
/Per
28 nov 2013 kl. 10:53 skrev Mohammad Khalil <eng.m...@gmail.com>:
> Yes , it's in place with no luck
> set security nat source rule-set trust-to-untrust from zone trust
> set security nat source rule-set trust-to-untrust to zone untrust
> set security nat source rule-set trust-to-untrust rule nonat match
> source-address 132.147.160.0/24
> set security nat source rule-set trust-to-untrust rule nonat match
> destination-address 132.150.160.0/24
> set security nat source rule-set trust-to-untrust rule nonat then source-nat
> off
> set security nat source rule-set trust-to-untrust rule nonat2 match
> source-address 132.147.160.0/24
> set security nat source rule-set trust-to-untrust rule nonat2 match
> destination-address 10.6.1.0/24
> set security nat source rule-set trust-to-untrust rule nonat2 then source-nat
> off
> set security nat source rule-set trust-to-untrust rule source-nat-rule match
> source-address 0.0.0.0/0
> set security nat source rule-set trust-to-untrust rule source-nat-rule match
> destination-address 0.0.0.0/0
> set security nat source rule-set trust-to-untrust rule source-nat-rule then
> source-nat interface
>
> Do the above configuration affect what am doing ? am not that expert in SRX
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
