No, those source nat rules should have no effect on you problem. When the inbound traffic matches (hopefully) the requirements, a complete flow is set up. The return traffic automatically gets the proper nat handling to match the inbound traffic. The outbound traffic will use source NAT that matches the inbound destination NAT.
The source NAT rules you showed only affect traffic initiate from the trust zone, exiting to the untwist zone. Your problem is unfortunately somewhere else. Do you get a session set up at all (could be a problem at the target host)? show security flow session destination-prefix 24.173.164.162/32 destination-port 3333 It can be helpful to trace the flow setup to see if there is any traffic at all, and where it fails. /Per 28 nov 2013 kl. 10:53 skrev Mohammad Khalil <eng.m...@gmail.com>: > Yes , it's in place with no luck > set security nat source rule-set trust-to-untrust from zone trust > set security nat source rule-set trust-to-untrust to zone untrust > set security nat source rule-set trust-to-untrust rule nonat match > source-address 132.147.160.0/24 > set security nat source rule-set trust-to-untrust rule nonat match > destination-address 132.150.160.0/24 > set security nat source rule-set trust-to-untrust rule nonat then source-nat > off > set security nat source rule-set trust-to-untrust rule nonat2 match > source-address 132.147.160.0/24 > set security nat source rule-set trust-to-untrust rule nonat2 match > destination-address 10.6.1.0/24 > set security nat source rule-set trust-to-untrust rule nonat2 then source-nat > off > set security nat source rule-set trust-to-untrust rule source-nat-rule match > source-address 0.0.0.0/0 > set security nat source rule-set trust-to-untrust rule source-nat-rule match > destination-address 0.0.0.0/0 > set security nat source rule-set trust-to-untrust rule source-nat-rule then > source-nat interface > > Do the above configuration affect what am doing ? am not that expert in SRX _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp