Doing NAT is very easy with SRX indeed. For example:
SOURCE NAT (INTERFACE BASED)
[edit security nat]
root@host# show | display set
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule rl1 match source-address 10.200.2.0/24
set security nat source rule-set rs1 rule rl1 then source-nat interface
We create one rule (rl1) inside a rule set (rs1) and NAT the 10.200.2.0/24 network to the address of the exit interface. Pretty easy.
SOURCE NAT (WITH POOL)
[edit security nat]
root@host# show | display set
set security nat source pool pool-admins address 212.23.2.1 to 212.23.2.20
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule rl1 match source-address 10.200.2.0/24
set security nat source rule-set rs1 rule rl1 then source-nat pool pool-admins
In this pool example, instead of using the interface address, we use addresses in the range 212.23.2.1 – 212.23.2.20.
**TIP:** If you need address persistence, you should set the following:
set security nat source address-persistent
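To review this kind of configuration offline, the added Python example below (not part of the original post) parses `show | display set` output and summarizes each source NAT rule: its zones, how many source addresses it matches, and what it translates to. The rule rl2, the pool name pool-guests and the network 10.200.3.0/24 are constructed to show a pool reference that is never defined.

```python
import ipaddress

# Constructed input: the pool example from this page plus a deliberately broken
# rule (rl2, hypothetical) that references a pool that is never defined.
CONFIG = """\
set security nat source pool pool-admins address 212.23.2.1 to 212.23.2.20
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule rl1 match source-address 10.200.2.0/24
set security nat source rule-set rs1 rule rl1 then source-nat pool pool-admins
set security nat source rule-set rs1 rule rl2 match source-address 10.200.3.0/24
set security nat source rule-set rs1 rule rl2 then source-nat pool pool-guests
set security nat source address-persistent
"""
PREFIX = "set security nat source "

def parse(config):
    """Parse set-format source NAT lines into (pools, zones, rules, persistent)."""
    pools, zones, rules, persistent = {}, {}, {}, False
    # Tokenize each relevant line; pad so short lines never raise IndexError.
    lines = [l[len(PREFIX):].split() + [""] * 7 for l in config.splitlines() if l.startswith(PREFIX)]
    for t in lines:
        persistent |= t[0] == "address-persistent"
        if t[0] == "pool" and t[2] == "address" and t[4] == "to":
            # Pool size = number of addresses in the inclusive range.
            pools[t[1]] = int(ipaddress.ip_address(t[5])) - int(ipaddress.ip_address(t[3])) + 1
        elif t[0] == "rule-set" and t[2] in ("from", "to"):
            zones.setdefault(t[1], {})[t[2]] = t[4]
        elif t[0] == "rule-set" and t[2] == "rule":
            rule = rules.setdefault((t[1], t[3]), {"src": [], "nat": ""})
            if t[4:6] == ["match", "source-address"]:
                rule["src"].append(ipaddress.ip_network(t[6]))
            elif t[4:6] == ["then", "source-nat"]:
                rule["nat"] = " ".join(t[6:]).strip()  # "interface" or "pool <name>"
    return pools, zones, rules, persistent

def audit(config):  # one finding per rule, then one for address persistence
    pools, zones, rules, persistent = parse(config)
    out = []
    for (rs, rl), rule in rules.items():
        z = zones.get(rs, {})
        where = f"{rs}/{rl} ({z.get('from')} -> {z.get('to')})"
        hosts = sum(n.num_addresses for n in rule["src"])
        kind, _, pool = rule["nat"].partition(" ")
        if kind == "interface":
            out.append(f"OK {where}: {hosts} sources share the egress interface address")
        elif kind == "pool" and pool in pools:
            out.append(f"OK {where}: {hosts} sources -> {pools[pool]} addresses in {pool}")
        else:
            out.append(f"ERROR {where}: missing action or undefined pool {pool!r}")
    out.append(f"INFO address-persistent is {'set' if persistent else 'not set'}")
    return out
```

Calling `audit(CONFIG)` returns the findings as a list of strings, so the result can be printed or fed into a review checklist.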