sfouant at shortestpathfirst
Jul 11, 2011, 3:46 PM
Post #5 of 6
On 7/11/2011 6:31 PM, Scott T. Cameron wrote:
> With SRX static-nat, all traffic (all protocols) is forwarded to a
> specific IP.
> With SRX destination-nat, a specific protocol (tcp/udp, presumably) is
> forwarded to a specific IP [and optionally port]
> There does not appear to be an option in destination-nat to send ICMP to
> an IP, so that it responds to, for example, ping.
Unless you are doing port translation, simply matching on
destination-address in your match statement and then specifying the
translated address in your then statement should do the trick. You may
need to enable proxy-arp in your environment if the ingress IP
(pre-translated) is a different address than the interface IP, but other
than that you shouldn't need to do anything fancy to enable ping traffic
to flow through...
Sorry I don't have access to a device at the moment to give you a
working config... can we see your configs in the meantime?
JNCIE-ER #70, JNCIE-M #513, JNCI
Technical Trainer, Juniper Networks
juniper-nsp mailing list juniper-nsp [at] puck