[j-nsp] nat - non-inline - service card ms-mic-16G in mx104
Alexander Arseniev
arseniev at btinternet.com
Tue Mar 8 16:11:44 EST 2016
Glad to help.
FYI, MS-MIC commands equivalent to MS-DPC "show services stateful-f..."
usually start with "show services sessions..."
Thx
Alex
On 08/03/2016 19:28, Aaron wrote:
>
> Alexander, you’re awesome J
>
> Thanks, that’s all I needed!
>
> Also, I had to realize the CGNAT Day One doc that I’ve been reading
> since it’s based on the MS-DPC, the show service nat mapping detail
> doesn’t work either, but apparently the mx104 with ms-mic uses show
> services stateful-firewall flows is what I needed to use to see flows.
>
> Aaron
>
> *From:*Alexander Arseniev [mailto:arseniev at btinternet.com]
> *Sent:* Tuesday, March 8, 2016 10:36 AM
> *To:* Aaron <aaron1 at gvtc.com>; juniper-nsp at puck.nether.net
> *Subject:* Re: [j-nsp] nat - non-inline - service card ms-mic-16G in mx104
>
> Hello,
> MS-MIC service interfaces are called ms-*, not sp-*.
> Also, You don't need these lines with MS-MIC:
>
>
> set chassis fpc 1 pic 0 adaptive-services service-package layer-3
> set interfaces sp-1/0/0 services-options cgn-pic
>
>
> And the recommended JUNOS version for MS-MIC CGNAT is 14.2R5 or newer.
> Thx
> Alex
>
> On 08/03/2016 17:21, Aaron wrote:
>
> Anybody know what I'm doing wrong ? I can't seem to get nat to work. I'm
>
> trying to do v4 to v4 with port translation (NAPT-44) using NON-inline nat.
>
> so I'm using an MX104 with a MS-MIC-16G
>
>
>
> FPC 1 BUILTIN BUILTIN MPC BUILTIN
>
> MIC 0 REV 17 750-123456 123456 MS-MIC-16G
>
> PIC 0 BUILTIN BUILTIN MS-MIC-16G
>
>
>
> My config currently..
>
>
>
> Ge-1/3/1 is my nat inside interface
>
> Ge-1/3/2 is my nat outside interface
>
>
>
> root> show configuration | display set
>
> set version 13.3R6.5
>
> set system root-authentication encrypted-password "removed"
>
> set system syslog user * any emergency
>
> set system syslog file messages any notice
>
> set system syslog file messages authorization info
>
> set system syslog file interactive-commands interactive-commands any
>
> set chassis fpc 1 pic 0 adaptive-services service-package layer-3
>
> set services service-set sset2 nat-rules rule1
>
> set services service-set sset2 interface-service service-interface sp-1/0/0
>
> set services nat pool nat1 address 1.2.3.0/25
>
> set services nat pool nat1 port automatic auto
>
> set services nat rule rule1 match-direction input
>
> set services nat rule rule1 term other1 from source-address-range low
>
> 9.9.9.1 high 9.9.9.100
>
> set services nat rule rule1 term other1 then translated source-pool nat1
>
> set services nat rule rule1 term other1 then translated translation-type
>
> napt-44
>
> set interfaces sp-1/0/0 description "cgn interface"
>
> set interfaces sp-1/0/0 services-options cgn-pic
>
> set interfaces sp-1/0/0 unit 0 family inet
>
> set interfaces ge-1/3/0 disable
>
> set interfaces ge-1/3/1 description private
>
> set interfaces ge-1/3/1 speed 100m
>
> set interfaces ge-1/3/1 unit 0 family inet service input service-set sset2
>
> set interfaces ge-1/3/1 unit 0 family inet service output service-set sset2
>
> set interfaces ge-1/3/1 unit 0 family inet address 10.144.1.5/30
>
> set interfaces ge-1/3/2 description public
>
> set interfaces ge-1/3/2 speed 100m
>
> set interfaces ge-1/3/2 unit 0 family inet address 10.144.2.5/30
>
> set routing-options static route 9.9.9.0/24 next-hop 10.144.1.6
>
>
>
> _______________________________________________
>
> juniper-nsp mailing listjuniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list