Is the dst ip pingabl drom the fw? I thought the system auto monitors to see if the dnat dst responds to icmp packets and if not, will not work.... ?
-- Payam Chychi Network Engineer / Security Specialist On Thursday, November 28, 2013 at 3:08 AM, Mohammad Khalil wrote: > Ok I have changed the static IP address to 164 and the static NAT worked , > I will try the destination port again > > > On Thu, Nov 28, 2013 at 2:04 PM, Mohammad Khalil <eng.m...@gmail.com> wrote: > > > Ok i will give it a shot , but before that I have tried something > > different , I just want to configure static NAT (one to one) > > set security nat static rule-set static-nat from zone untrust > > set security nat static rule-set static-nat rule ALTOS_STATIC match > > destination-address 24.173.164.162/32 > > set security nat static rule-set static-nat rule ALTOS_STATIC then > > static-nat prefix 132.147.160.3/32 > > > > > > set security zones security-zone trust address-book address ALTOS_SERVER > > 132.147.160.3/32 > > > > set security nat proxy-arp interface ge-0/0/0.0 address 24.173.164.162/32 > > > > set security policies from-zone untrust to-zone trust policy > > DNAT_ALTOS_POLICY match source-address any > > set security policies from-zone untrust to-zone trust policy > > DNAT_ALTOS_POLICY match destination-address ALTOS_SERVER > > set security policies from-zone untrust to-zone trust policy > > DNAT_ALTOS_POLICY match application Tany > > set security policies from-zone untrust to-zone trust policy > > DNAT_ALTOS_POLICY then permit > > > > and ping is not working !! > > > > > > On Thu, Nov 28, 2013 at 1:58 PM, Per Westerlund <p...@westerlund.se> wrote: > > > > > No. > > > > > > /Per > > > > > > 28 nov 2013 kl. 11:53 skrev Mohammad Khalil <eng.m...@gmail.com>: > > > > > > Should I add static NAT statement ? > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
