Hi all,
I'm pulling my hair out here.
I have this one rule where it's sourcing from the static NAT IP.
cbo@SRX-1> show configuration security nat static rule-set rule_L4 rule L4TA25
match {
    destination-address 10.10.10.123/32;
}
then {
    static-nat {
        prefix {
            172.17.52.51/32;
        }
    }
}
This makes traffic going from 172.17.52.51 to 172.17.52.66 source from 10.10.10.123:
Session ID: 100329689, Status: Normal, State: Active
Flag: 0x4c000000
Policy name: ALLOW_FROM_FES_FRONT_PRIV/598
Source NAT pool: Null, Application: junos-https/58
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 20
Session State: Valid
Start time: 10066034, Duration: 0
  In: 172.17.52.51/57785 --> 172.17.52.66/443;tcp, Interface: reth1.508, Session token: 0x2605c, Flag: 0x1021
  Route: 0x97c53c2, Gateway: 172.17.52.51, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 1, Bytes: 52
  Out: 172.17.52.66/443 --> 10.10.10.123/57785;tcp, Interface: reth1.507, Session token: 0x2605b, Flag: 0x20
  Route: 0x949c3c2, Gateway: 172.17.52.66, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 0, Bytes: 0
Total sessions: 1
Now, the real static NAT IP is public, and 172.17.52.66 can't respond back to it, so this is where the problem is.
Then, I have the same kind of rule, but working (going from 172.17.58.148 to 172.17.58.194):
cbo@SRX-1> show configuration security nat static rule-set rule_L5 rule L5TA2_FRONTEND
match {
    destination-address 10.10.20.53/32;
}
then {
    static-nat {
        prefix {
            172.17.58.148/32;
        }
    }
}

Session ID: 120683829, Status: Normal, State: Active
Flag: 0x8000040
Policy name: ALLOW_FROM_FES_FRONT_PRIV/764
Source NAT pool: Null, Application: junos-https/58
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1798
Session State: Valid
Start time: 10166656, Duration: 2
  In: 172.17.58.148/53337 --> 172.17.58.194/443;tcp, Interface: reth1.526, Session token: 0x27069, Flag: 0x21
  Route: 0x96233c2, Gateway: 172.17.58.148, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 2, Bytes: 92
  Out: 172.17.58.194/443 --> 172.17.58.148/53337;tcp, Interface: reth1.525, Session token: 0x27068, Flag: 0x20
  Route: 0x980b3c2, Gateway: 172.17.58.194, Tunnel: 0
  Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 1, Bytes: 52
Total sessions: 1
Can anybody make sense of this?
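As an added example (not part of the post above): a small Python check that reads the In and Out wings of a "show security flow session" dump and reports whether the session's source address was translated on the way out, i.e. whether the Out wing returns traffic to an address other than the original source. The two session dumps are reduced copies of the ones in the post, embedded as constructed input.

```python
import re

# Constructed from the post's two dumps: only the In/Out wings are needed.
SESSION_L4 = """\
Session ID: 100329689, Status: Normal, State: Active
  In: 172.17.52.51/57785 --> 172.17.52.66/443;tcp, Interface: reth1.508, Session token: 0x2605c, Flag: 0x1021
  Out: 172.17.52.66/443 --> 10.10.10.123/57785;tcp, Interface: reth1.507, Session token: 0x2605b, Flag: 0x20
"""
SESSION_L5 = """\
Session ID: 120683829, Status: Normal, State: Active
  In: 172.17.58.148/53337 --> 172.17.58.194/443;tcp, Interface: reth1.526, Session token: 0x27069, Flag: 0x21
  Out: 172.17.58.194/443 --> 172.17.58.148/53337;tcp, Interface: reth1.525, Session token: 0x27068, Flag: 0x20
"""

# One wing line: "<In|Out>: src/sport --> dst/dport;proto, Interface: ifname, ..."
WING = re.compile(
    r"^\s*(In|Out):\s+(\S+)/(\d+)\s+-->\s+(\S+)/(\d+);(\w+),\s+Interface:\s+([^\s,]+)",
    re.M,
)


def parse_wings(session_text):
    """Return {'In': {...}, 'Out': {...}} for the two wings of one session."""
    wings = {}
    for m in WING.finditer(session_text):
        direction, src, sport, dst, dport, proto, ifname = m.groups()
        wings[direction] = {"src": src, "sport": int(sport), "dst": dst,
                            "dport": int(dport), "proto": proto, "ifname": ifname}
    return wings


def analyse(session_text):
    """Compare the wings: the Out wing is stored post-translation, so if its
    destination is not the In wing's source, the source was NAT'ed."""
    wings = parse_wings(session_text)
    if "In" not in wings or "Out" not in wings:
        raise ValueError("session dump is missing an In or Out wing")
    fwd, rev = wings["In"], wings["Out"]
    return {
        "original_src": fwd["src"],
        "translated_src": rev["dst"],        # what the server replies to
        "src_translated": rev["dst"] != fwd["src"],
        "dst_translated": rev["src"] != fwd["dst"],
        "in_if": fwd["ifname"],
        "out_if": rev["ifname"],
    }


if __name__ == "__main__":
    for name, dump in (("rule_L4", SESSION_L4), ("rule_L5", SESSION_L5)):
        print(name, analyse(dump))
```

Running it flags the rule_L4 session as source-translated to 10.10.10.123 and the rule_L5 session as untranslated, which is the difference the post describes.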