Hi,
You can use below config example to do this.
PS: I configured next-hop style NAT
root@mx480# show service-set Hairpin-test
nat-rules Pri-to-Pub;
nat-rules Pub-to-pri;
nat-rules HairPIN;
next-hop-service {
inside-service-interface ms-5/0/0.10;
outside-service-interface ms-5/0/0.20;
}
root@mx480# show services nat
rule Pri-to-Pub {
match-direction input;
term cust1 {
from {
source-address {
100.100.100.1/32;
}
}
then {
translated {
source-prefix 128.128.128.1/32;
translation-type {
basic-nat44;
}
}
}
}
}
rule Pub-to-pri {
match-direction output;
term cust1 {
from {
destination-address {
128.128.128.1/32;
}
}
then {
translated {
destination-prefix 100.100.100.1/32;
translation-type {
dnat-44;
}
}
}
}
}
rule HairPIN {
match-direction input;
term cust2 {
from {
source-address {
100.100.100.2/32;
}
destination-address {
128.128.128.1/32;
}
}
then {
translated {
source-prefix 150.150.150.1/32;
translation-type {
basic-nat44;
}
}
}
}
}
root@mx480# show routing-instances
inside {
instance-type virtual-router;
interface ms-5/0/0.10;
interface ge-0/2/1.0;
interface lo0.100;
routing-options {
static {
route 0.0.0.0/0 next-hop ms-5/0/0.10;
}
}
}
outside {
instance-type virtual-router;
interface ms-5/0/0.20;
interface xe-0/0/0.0;
routing-options {
static {
route 200.200.200.0/24 next-hop 172.16.0.2;
}
}
}
root@mx480# show interfaces lo0
unit 100 {
family inet {
address 100.100.100.1/32;
address 100.100.100.2/32;
}
}
root@mx480# run ping 128.128.128.1 source 100.100.100.2 routing-instance inside
PING 128.128.128.1 (128.128.128.1): 56 data bytes
64 bytes from 128.128.128.1: icmp_seq=0 ttl=65 time=1.245 ms
64 bytes from 128.128.128.1: icmp_seq=1 ttl=65 time=0.897 ms
64 bytes from 128.128.128.1: icmp_seq=2 ttl=65 time=1.336 ms
64 bytes from 128.128.128.1: icmp_seq=3 ttl=65 time=0.875 ms
64 bytes from 128.128.128.1: icmp_seq=4 ttl=65 time=0.844 ms
[edit groups singhh-Hairpin]
root@mx480-r2031# run show services sessions
ms-5/0/0
Service Set: Hairpin-test, Session: 436207617, ALG: icmp, Flags: 0x200000, IP Action: no, Offload: no, Asymmetric: no
ICMP 150.150.150.1 -> 128.128.128.1 Forward O 11
ICMP 100.100.100.1 -> 150.150.150.1 Forward I 11
Service Set: Hairpin-test, Session: 201326594, ALG: icmp, Flags: 0x200000, IP Action: no, Offload: no, Asymmetric: no
ICMP 100.100.100.2 -> 128.128.128.1 Forward I 11
ICMP 128.128.128.1 -> 150.150.150.1 Forward O 11
[edit groups singhh-Hairpin]
root@mx480#
root@mx480# run ping 200.200.200.1 source 100.100.100.1 routing-instance inside
PING 200.200.200.1 (200.200.200.1): 56 data bytes
64 bytes from 200.200.200.1: icmp_seq=0 ttl=64 time=1.223 ms
64 bytes from 200.200.200.1: icmp_seq=1 ttl=64 time=1.026 ms
64 bytes from 200.200.200.1: icmp_seq=2 ttl=64 time=1.007 ms
64 bytes from 200.200.200.1: icmp_seq=3 ttl=64 time=0.961 ms
[edit groups singhh-Hairpin]
root@mx480# run show services sessions
ms-5/0/0
Service Set: Hairpin-test, Session: 469762049, ALG: icmp, Flags: 0x200000, IP Action: no, Offload: no, Asymmetric: no
ICMP 100.100.100.1 -> 200.200.200.1 Forward I 8
ICMP 200.200.200.1 -> 128.128.128.1 Forward O 8
root@mx240> ping 128.128.128.1 source 200.200.200.1
PING 128.128.128.1 (128.128.128.1): 56 data bytes
64 bytes from 128.128.128.1: icmp_seq=0 ttl=64 time=1.584 ms
64 bytes from 128.128.128.1: icmp_seq=1 ttl=64 time=0.926 ms
64 bytes from 128.128.128.1: icmp_seq=2 ttl=64 time=2.190 ms
[edit groups singhh-Hairpin]
root@mx480# run show services sessions
ms-5/0/0
Service Set: Hairpin-test, Session: 234881026, ALG: icmp, Flags: 0x200000, IP Action: no, Offload: no, Asymmetric: no
ICMP 200.200.200.1 -> 128.128.128.1 Forward O 16
ICMP 100.100.100.1 -> 200.200.200.1 Forward I 16
HTH