H
H
HeroWithin2021-02-15 11:42:41
network hardware
HeroWithin, 2021-02-15 11:42:41

How to configure NAT on Juniper SRX650?

Hello! Please help me with router configuration. There are no more ideas. https://pastebin.com/WJzePVkY
It is necessary that there is nat and the Internet works on client machines. That is, ip from the range 192.168.0.1 is distributed, but there is no uplink (

Answer the question

In order to leave comments, you need to log in

3 answer(s)
T
telegin, 2021-02-15
@telegin

Hi, what type of NAT do you want to get?
SOURCE (everyone from the LAN goes to the WAN/Internet)
DESTINATION (from the Internet go to a specific IP:PORT of the internal LAN)
STATIC (external IP <=> internal IP)
Probably Source?

S
Strabbo, 2021-02-15
@Strabbo

You have NAT configured, the problem is most likely in the firewall rules.
You have a rule that allows traffic from the inside to the outside.
policies {
from-zone trust to-zone untrust {
But you don't have a rule that allows reverse traffic to go through
policies {
from-zone untrust to-zone trust {

Y
Yaroslav, 2021-02-15
@yaror

Can't a node with ip-address 192.168.16.1, which is the default gateway for SRX, kick off client traffic that has already passed through NAT?
And what, by the way, can be seen on the SRX if, when trying to start a ping outside, execute
show security flow session?
And, by the way, but this - why is it?

pool 192.168.16.0/24 {
address-range low 192.168.16.186 high 192.168.16.254;
router {
192.168.16.1;
}
propagate-settings ge-0/0/1.0;
}

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question