Should I add static NAT statement ?
On Thu, Nov 28, 2013 at 1:26 PM, Mohammad Khalil <eng.m...@gmail.com> wrote: > No the session is not up , and I have changed the port to be 23 on both > sides (junos-telnet) and still not working ? > > > On Thu, Nov 28, 2013 at 1:04 PM, Per Westerlund <p...@westerlund.se> wrote: > >> No, those source nat rules should have no effect on you problem. When the >> inbound traffic matches (hopefully) the requirements, a complete flow is >> set up. The return traffic automatically gets the proper nat handling to >> match the inbound traffic. The outbound traffic will use source NAT that >> matches the inbound destination NAT. >> >> The source NAT rules you showed only affect traffic initiate from the >> trust zone, exiting to the untwist zone. >> >> Your problem is unfortunately somewhere else. >> >> Do you get a session set up at all (could be a problem at the target >> host)? >> >> show security flow session destination-prefix >> 24.173.164.162/32destination-port 3333 >> >> It can be helpful to trace the flow setup to see if there is any traffic >> at all, and where it fails. >> >> /Per >> >> 28 nov 2013 kl. 10:53 skrev Mohammad Khalil <eng.m...@gmail.com>: >> >> Yes , it's in place with no luck >> set security nat source rule-set trust-to-untrust from zone trust >> set security nat source rule-set trust-to-untrust to zone untrust >> set security nat source rule-set trust-to-untrust rule nonat match >> source-address 132.147.160.0/24 >> set security nat source rule-set trust-to-untrust rule nonat match >> destination-address 132.150.160.0/24 >> set security nat source rule-set trust-to-untrust rule nonat then >> source-nat off >> set security nat source rule-set trust-to-untrust rule nonat2 match >> source-address 132.147.160.0/24 >> set security nat source rule-set trust-to-untrust rule nonat2 match >> destination-address 10.6.1.0/24 >> set security nat source rule-set trust-to-untrust rule nonat2 then >> source-nat off >> set security nat source rule-set trust-to-untrust rule source-nat-rule >> match source-address 0.0.0.0/0 >> set security nat source rule-set trust-to-untrust rule source-nat-rule >> match destination-address 0.0.0.0/0 >> set security nat source rule-set trust-to-untrust rule source-nat-rule >> then source-nat interface >> >> Do the above configuration affect what am doing ? am not that expert in >> SRX >> >> >> > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp