Policy Based Source NAT help on SRX 650

SOLVED
ariwoola_
New Contributor

Please, I get the error message below each time I try to commit on the SRX650:

root# commit
error: Source NAT rule-set pbn1 and pbn2 have same context.
[edit security nat source]
'rule-set pbn2'
src nat rule set(pbn2) sanity check failed..
error: configuration check-out failed

Below is my config:

[edit security nat]
root# show
source {
    pool pool1 {
        address {
            41.220.77.56/32 to 41.220.77.56/32;
        }
    }
    pool pool2 {
        address {
            41.220.77.149/32 to 41.220.77.149/32;
        }
    }
    pool pool3 {
        address {
            41.220.77.63/32 to 41.220.77.63/32;
        }
    }
    pool pool4 {
        address {
            41.220.79.3/32 to 41.220.79.3/32;
        }
    }
    pool pool5 {
        address {
            41.220.79.4/32 to 41.220.79.4/32;
        }
    }
    pool pool6 {
        address {
            41.206.4.23/32 to 41.206.4.23/32;
        }
    }
    rule-set pbn1 {
        from zone trust;
        to zone untrust;
        rule rule32 {
            match {
                source-address 172.16.0.0/16;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool1;
            }
        }
        rule rule33 {
            match {
                source-address 172.16.11.46/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool2;
            }
        }
        rule rule34 {
            match {
                source-address 172.16.11.90/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool2;
            }
        }
        rule rule35 {
            match {
                source-address 172.16.11.98/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool2;
            }
        }
        rule rule36 {
            match {
                source-address 172.16.11.118/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool2;
            }
        }
        rule rule37 {
            match {
                source-address 172.16.11.146/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool2;
            }
        }
        rule rule38 {
            match {
                source-address 172.16.11.148/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool2;
            }
        }
    }
    rule-set pbn2 {
        from zone trust;
        to zone untrust;
        rule rule39 {
            match {
                source-address 172.16.11.247/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool2;
            }
        }
        rule rule40 {
            match {
                source-address 172.16.11.185/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool3;
            }
        }
        rule rule41 {
            match {
                source-address 172.16.11.8/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool4;
            }
        }
        rule rule42 {
            match {
                source-address 172.16.11.147/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool5;
            }
        }
        rule rule43 {
            match {
                source-address 172.16.11.227/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat pool pool6;
            }
        }
    }
}

Accepted Solutions
Screenie_
Contributor

Re: Policy Based Source NAT help on SRX 650

You can only write a rule set from a zone to a zone once. If you need more rules, add them in the same rule-set. Limits on the number of rules you'll find here: http://kb.pulsesecure.net/KB14149.

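Added example, not part of the original thread: a pre-commit check that reads a brace-style source NAT configuration and reports rule-sets sharing the same from/to context, the condition behind the commit error quoted in the question. The sample is a constructed, trimmed version of the posted config; rule-set pbn3 and zone dmz are hypothetical, and the parser assumes the text contains no comments or quoted braces.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's two rule-sets trimmed to one rule each,
# plus a hypothetical pbn3 (zone "dmz" is not in the original config).
SAMPLE = """
source {
    pool pool1 { address { 41.220.77.56/32 to 41.220.77.56/32; } }
    rule-set pbn1 {
        from zone trust; to zone untrust;
        rule rule32 { match { source-address 172.16.0.0/16; } then { source-nat pool pool1; } }
    }
    rule-set pbn2 {
        from zone trust; to zone untrust;
        rule rule39 { match { source-address 172.16.11.247/32; } then { source-nat pool pool2; } }
    }
    rule-set pbn3 { from zone dmz; to zone untrust; }
}
"""

def rule_set_contexts(config):
    """Return {(from, to): [rule-set names]} for a brace-style NAT config."""
    stack, ctx = [], defaultdict(dict)
    for text, delim in re.findall(r"([^{};]*)([{};])", config):
        stmt = " ".join(text.split())
        if delim == "{":
            stack.append(stmt)
        elif delim == "}":
            if stack:
                stack.pop()
        elif stack and stack[-1].startswith("rule-set "):
            # Only statements directly under a rule-set; the "to" inside a
            # pool address range sits under "address" and is skipped.
            key, _, value = stmt.partition(" ")
            if key in ("from", "to"):
                ctx[stack[-1].split()[1]][key] = value
    groups = defaultdict(list)
    for name, c in ctx.items():
        groups[(c.get("from"), c.get("to"))].append(name)
    return dict(groups)

def same_context_conflicts(config):
    """Contexts claimed by more than one rule-set (what the commit check rejects)."""
    return {k: v for k, v in rule_set_contexts(config).items() if len(v) > 1}

if __name__ == "__main__":
    for (src, dst), names in same_context_conflicts(SAMPLE).items():
        print(f"from {src} to {dst}: merge {', '.join(names[1:])} into {names[0]}")
```

The parser is whitespace-insensitive, so it also accepts the configuration as pasted in the question, without indentation.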