amigan_99
asked on
Juniper SRX: Can two objects have the same IP address? Two different rules sets?
In a Juniper SRX - can an address be assigned to two different objects?
And can that address be assigned to two different source nat rule sets?
In the example below I have all traffic from 172.31.40.0/22 source natting
to 10.17.236.170. But now I'd like to use that same source natting for
172.31.64.0/21. Is there a problem with this?
Existing config:
set security nat source pool nat-guestwifi address 10.17.236.170/32
set security nat source rule-set guestwifi-NAT from zone wlc-guest
set security nat source rule-set guestwifi-NAT to zone untrust
set security nat source rule-set guestwifi-NAT rule nat_guestwifi match source-address 172.31.40.0/22
set security nat source rule-set guestwifi-NAT rule nat_guestwifi match destination-address 10.17.237.116/32
set security nat source rule-set guestwifi-NAT rule nat_guestwifi then source-nat pool nat-guestwifi
Proposed additional config:
set security nat source pool nat-corpwifi address 10.17.236.170/32
set security nat source rule-set corpwifi-NAT from zone corp-wifi
set security nat source rule-set corpwifi-NAT to zone untrust
set security nat source rule-set corpwifi-NAT rule nat_corpwifi match source-address 172.31.64.0/21
set security nat source rule-set corpwifi-NAT rule nat_corpwifi match destination-address 10.17.237.116/32
set security nat source rule-set corpwifi-NAT rule nat_corpwifi then source-nat pool nat-corpwifi