Home > Cloud Computing > Cloud Security

Juning address of Intranet access in Juniper SRX Destination NAT

Source: Internet
Author: User
Tags juniper srx
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

 

Network device:Juniper SRX series Firewall Network Topology: 

650) this. width = 650; "onclick = 'window. open (" http://blog.51cto.com/viewpic.php? Refimg = "+ this. src) 'border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0Z54GD6-0.jpg "/>

Problem description:When implementing Destination NAT, if you need to access the mapped public IP address from the Intranet, there will be some problems by default. You can ping the ing IP address on the Intranet but cannot access the service;   Problem Analysis:   [Edit security]Set zones security-zone trust address-book address server-2 192.168.1.200/32 [Edit security policies ies from-zone untrust to-zone trust]Set policy server-access match source-address any destination-address server-2 application anyset policy server-access then permit [Edit security nat destination]Set pool dst-nat-pool-2 address 192.168.1.200 port 8000 set rule-set rs1 from zone untrustset rule-set rs1 rule r2 match destination-address 1.1.1.101set rule-set rs1 rule r2 match destination-port 80 set rule-set- set rs1 rule r2 then destination-nat pool dst-nat-pool-2 [Edit security nat]Set proxy-arp interface ge-0/0/2.0 address 1.1.1.101 after we configure the device above, the Internet user can access the ing address, but if the intranet user access problems, the service cannot be accessed through 1.1.1.101. The reason is that when the internal address accesses 1.1.1.101, the firewall does not perform address translation and routes the Intranet address to the target server. The server will see this address, when the packet is returned, the data packet is directly returned to this Intranet address. TCP forms a semi-connection, so the service cannot be accessed.   Solution: Access from trusted areas is also performed once. Destination nat , You need to add the following command ;   [Edit security nat destination]Set rule-set rs1 from zone trustset rule-set rs1 rule r2 match destination-address 1.1.1.101set rule-set rs1 rule r2 match destination-port 80 set rule-set rs1 rule r2 then destination- nat pool dst-nat-pool-2

This article is from the genisystem blog, please be sure to keep this source http://genisystem.blog.51cto.com/39344/414452

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
juniper srx wireless juniper srx price juniper srx series juniper srx show configuration juniper srx firewall juniper srx book intranet ip address lookup
Related Article
How does personal cloud security guarantee data security?
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More