Channel: All SRX Services Gateway posts

Re: Have an issue with routing instances


Hi Marc,

From your requirement, it seems to me that you want to translate (source NAT) your internal addresses as below, instead of routing them, as there is only one gateway (.254) - single IP on ISP - and you have multiple IPs.

172.16.0.56 --- > 200.55.125.153
172.16.0.57 --- > 200.55.125.222
0.0.0.0/0 ---- > 200.55.125.156

Please clarify if this is not correct. If my understanding is correct, we can achieve this with simple source NAT without going for filter-based forwarding.

Generally we go for filter-based forwarding when we have different next-hops (multiple ISPs), but in this case we have only a single next-hop.

Sample source NAT config that works for you:

set interfaces ge-0/0/1 unit 0 family inet address 200.55.125.149/24
set security zones security-zone Z-IP149 interfaces ge-0/0/1.0

set security nat source pool IP153 address 200.55.125.153/32
set security nat source pool IP222 address 200.55.125.222/32
set security nat source pool IP156 address 200.55.125.156/32
set security nat source rule-set DMZ-to-Internet from zone DMZ
set security nat source rule-set DMZ-to-Internet to zone Z-IP149
set security nat source rule-set DMZ-to-Internet rule IP153 match source-address 172.16.0.56/32
set security nat source rule-set DMZ-to-Internet rule IP153 match destination-address 0.0.0.0/0
set security nat source rule-set DMZ-to-Internet rule IP153 then source-nat pool IP153
set security nat source rule-set DMZ-to-Internet rule IP222 match source-address 172.16.0.57/32
set security nat source rule-set DMZ-to-Internet rule IP222 match destination-address 0.0.0.0/0
set security nat source rule-set DMZ-to-Internet rule IP222 then source-nat pool IP222
set security nat source rule-set DMZ-to-Internet rule IP156 match source-address 0.0.0.0/0
set security nat source rule-set DMZ-to-Internet rule IP156 match destination-address 0.0.0.0/0
set security nat source rule-set DMZ-to-Internet rule IP156 then source-nat pool IP156


set security nat proxy-arp interface ge-0/0/1.0 address 200.55.125.153/32
set security nat proxy-arp interface ge-0/0/1.0 address 200.55.125.156/32
set security nat proxy-arp interface ge-0/0/1.0 address 200.55.125.222/32
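
Added example (not part of the original post or of Junos): a small Python check of the configuration above. Rules in a source NAT rule-set are evaluated in order and the first match wins, so the catch-all rule IP156 must stay last. The function names and the assumption that every pool address sits on the ge-0/0/1 subnet (and therefore needs proxy-ARP) are this example's own.

```python
import ipaddress
import re

# Constructed input: the NAT lines of the post (destination matches, all 0.0.0.0/0, omitted).
CONFIG = """\
set security nat source pool IP153 address 200.55.125.153/32
set security nat source pool IP222 address 200.55.125.222/32
set security nat source pool IP156 address 200.55.125.156/32
set security nat source rule-set DMZ-to-Internet rule IP153 match source-address 172.16.0.56/32
set security nat source rule-set DMZ-to-Internet rule IP153 then source-nat pool IP153
set security nat source rule-set DMZ-to-Internet rule IP222 match source-address 172.16.0.57/32
set security nat source rule-set DMZ-to-Internet rule IP222 then source-nat pool IP222
set security nat source rule-set DMZ-to-Internet rule IP156 match source-address 0.0.0.0/0
set security nat source rule-set DMZ-to-Internet rule IP156 then source-nat pool IP156
set security nat proxy-arp interface ge-0/0/1.0 address 200.55.125.153/32
set security nat proxy-arp interface ge-0/0/1.0 address 200.55.125.156/32
set security nat proxy-arp interface ge-0/0/1.0 address 200.55.125.222/32
"""

def parse(config):
    pools, rules, arp = {}, {}, set()   # dicts keep the configured (first-seen) order
    for line in config.splitlines():
        if m := re.match(r"set security nat source pool (\S+) address (\S+)", line):
            pools[m[1]] = ipaddress.ip_network(m[2])
        elif m := re.match(r"set security nat source rule-set \S+ rule (\S+) match source-address (\S+)", line):
            rules.setdefault(m[1], {})["src"] = ipaddress.ip_network(m[2])
        elif m := re.match(r"set security nat source rule-set \S+ rule (\S+) then source-nat pool (\S+)", line):
            rules.setdefault(m[1], {})["pool"] = m[2]
        elif m := re.match(r"set security nat proxy-arp interface \S+ address (\S+)", line):
            arp.add(ipaddress.ip_network(m[1]))
    return pools, rules, arp

def translate(config, src):
    """Return the public address for src: the first rule whose source matches wins."""
    pools, rules, _ = parse(config)
    for rule in rules.values():
        if ipaddress.ip_address(src) in rule["src"]:
            return str(pools[rule["pool"]].network_address)
    return None

def lint(config):
    """Report rules shadowed by an earlier, broader rule and pools with no proxy-ARP."""
    pools, rules, arp = parse(config)
    issues, seen = [], []
    for name, rule in rules.items():
        if any(rule["src"].subnet_of(earlier) for earlier in seen):
            issues.append(f"rule {name} is shadowed by an earlier rule")
        seen.append(rule["src"])
    return issues + [f"pool {p} has no proxy-arp entry" for p, net in pools.items() if net not in arp]
```

`lint(CONFIG)` returns an empty list for the configuration as posted; moving rule IP156 ahead of the two /32 rules makes both of them shadowed, and every DMZ host is then translated to 200.55.125.156.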
