Hi there,
I need to allow some of our users who work for another company access to their VPN server from our office LAN.
Reading up, it seems I need to disable port translation. I have done the following:
set security nat source rule-set mortgage-to-untrust from zone Mortgage-Insurance
set security nat source rule-set mortgage-to-untrust to zone untrust
set security nat source pool gre-nat-pool address "10.10.10.1/32" (made-up external IP of the SRX)
set security nat source pool gre-nat-pool port no-translation
set security nat source rule-set mortgage-to-untrust rule mortgage-gre-nat match source-address 0.0.0.0/0
set security nat source rule-set mortgage-to-untrust rule mortgage-gre-nat match destination-address "vpn server/32"
set security nat source rule-set mortgage-to-untrust rule mortgage-gre-nat then source-nat pool gre-nat-pool
set security nat source rule-set mortgage-to-untrust rule mortgage-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set mortgage-to-untrust rule mortgage-nat-rule then source-nat interface
set security policies from-zone Mortgage-Insurance to-zone untrust policy mortgage-to-untrust match source-address Mortgage-Insurance
set security policies from-zone Mortgage-Insurance to-zone untrust policy mortgage-to-untrust match destination-address any
set security policies from-zone Mortgage-Insurance to-zone untrust policy mortgage-to-untrust match application any
set security policies from-zone Mortgage-Insurance to-zone untrust policy mortgage-to-untrust then permit
I see traffic going out but not coming back in. Also, I have a destination NAT rule set up for VPN traffic coming in to our server, with proxy ARP running on the external IP interface of the SRX, and I'm worried this is interfering.
I could really do with some help, as I have read so much and have confused myself now: things like the PPTP ALG being disabled, etc., and what kind of NAT to use.