Re: Security policies not passing traffic

address local-sys-prod-prenat 10.252.253.5/32;
address local-sys-prod-postnat 10.2.2.5/32;
address remote-sys-prenat 10.12.7.2/32;

policy vpn-to-sys-test-amqps {
    match {
        source-address remote-sys-prenat;
        destination-address local-sys-test-prenat;
        application test-abc;
    }
    then {
        permit;
    }
}


Here you can see the policy is for "local-sys-prod-prenat". In JUNOS the policy lookup happens after destination NAT, so you need to create a policy for "local-sys-prod-postnat".
Also, as you can see here, the "test-abc" application does not include ICMP:

application test-abc {
    protocol tcp;
    destination-port 671;
}


So that's why it's taking the default deny policy. Correct this and it will work.
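The lookup order described in the reply above, modelled as an added example that is not part of the original post and is not Junos code. Assumptions: the destination NAT rule (not shown in the post) maps 10.252.253.5 to 10.2.2.5, and the policy names and the "icmp" application label are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Address book entries taken from the post.
ADDRESS_BOOK = {
    "local-sys-prod-prenat": ip_network("10.252.253.5/32"),
    "local-sys-prod-postnat": ip_network("10.2.2.5/32"),
    "remote-sys-prenat": ip_network("10.12.7.2/32"),
}
# Assumption: the destination NAT rule maps the pre-NAT to the post-NAT address.
DNAT = {ip_address("10.252.253.5"): ip_address("10.2.2.5")}
# Applications as (protocol, destination port). test-abc is from the post;
# "icmp" is a hypothetical label for an application that matches ICMP.
APPLICATIONS = {"test-abc": {("tcp", 671)}, "icmp": {("icmp", None)}}


def policy(name, src, dst, apps):
    return {"name": name, "src": src, "dst": dst, "apps": apps}


def evaluate(policies, src, dst, proto, port=None):
    """Return the name of the first matching policy, or 'default-deny'."""
    src, dst = ip_address(src), ip_address(dst)
    dst = DNAT.get(dst, dst)  # destination NAT is applied before policy lookup
    for p in policies:
        allowed = set().union(*(APPLICATIONS[a] for a in p["apps"]))
        if (src in ADDRESS_BOOK[p["src"]] and dst in ADDRESS_BOOK[p["dst"]]
                and (proto, port) in allowed):
            return p["name"]
    return "default-deny"


# Policy written against the pre-NAT destination: never matches after translation.
PRENAT = [policy("prenat-policy", "remote-sys-prenat",
                 "local-sys-prod-prenat", ["test-abc"])]
# Corrected policy: post-NAT destination, with ICMP added so ping is permitted.
POSTNAT = [policy("postnat-policy", "remote-sys-prenat",
                  "local-sys-prod-postnat", ["test-abc", "icmp"])]

if __name__ == "__main__":
    for label, pols in (("prenat", PRENAT), ("postnat", POSTNAT)):
        for proto, port in (("tcp", 671), ("icmp", None)):
            result = evaluate(pols, "10.12.7.2", "10.252.253.5", proto, port)
            print(f"{label:8} {proto:4} {port} -> {result}")
```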

