Set security zones security-zone trust host-inbound-traffic protocols all Set security zones security-zone trust host-inbound-traffic system-services all Set security zones security-zone trust address-book address insideWorld 192.168.0.0/23 Set security zones security-zone trust address-book address LOOPBACK-MGMT 172.16.255.252/32 Set security zones security-zone trust address-book address INSIDE-MGMT 192.168.1.1/32 Set security zones security-zone trust address-book address OUTSIDE-MGMT 192.168.0.252/32 Set security nat source rule-set insideWorld rule 1 then source-nat interface Set security nat source rule-set insideWorld rule 1 match destination-address 0.0.0.0/0 Set security nat source rule-set insideWorld rule 1 match source-address 192.168.1.0/24 Set security nat source rule-set insideWorld to zone untrust Set security nat source rule-set insideWorld from zone trust Set interfaces vlan unit 20 family inet address 192.168.1.1/24 Set interfaces vlan unit 20 description InsideWorld Set interfaces vlan unit 15 family inet dhcp Set interfaces vlan unit 0 family inet address 192.168.0.252/24 Set interfaces fxp0 unit 0 family inet address 172.16.255.252/32 Set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust Set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust Set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust Set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust Set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust Set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust Set interfaces fe-0/0/2 description "Remote MGMT" Set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members InsideWorld Set interfaces ge-0/0/1 description "Ting NAT" set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan-untrust I'm almost positive I'm missing a supremely simple concept. I can ping from my local interfaces to the external gateway (ISP) and can ping 8.8.8.8 from the outside interface, but nothing otherwise. I'm admittedly new to SRX routing and am running into issues with source NAT on my SRX210.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |