Hi,

This is the 12th post in the Quick-Series and this is on SRX-SOURCE-NAT using Pool and make sure that address-shifting is in place for this pool

Requirement:

All Lan traffic (172.20.101.0/24) trying to reach to other-end router 11.0.0.2 should be natted to pool of 11.0.0.16/28 and make sure this pool is under address-shifting w.r.t to end-host IP.

https://www.juniper.net/documentation/en_US/junos12.2/topics/concept/nat-security-source-pool-address-shifting-understanding.html

Topology

1_topology

Interface Config and policies

3_secpolicies

Nat configuration and other details

2_natconfig

Verification

4_verification

I have enabled shifting from 172.20.101.0/24 for pool starting at 11.0.0.16/28, so appropriately 172.20.101.10 has been assigned with 11.0.0.26

5_verification

Regards

Rakesh M