[j-nsp] Juniper M7i NAT
Markus Åberg (JO/LMF)
markus.aberg at ericsson.com
Fri Apr 15 01:07:51 EDT 2005
The JUNOS documentation for this one is .. challenging.
Define a service-filter in [firewall family inet service-filter] specifying what traffic is to be processed by the service ("then service") or not ("then skip").
Apply the filter in
interfaces xx-x/x/x unit x family inet service xxxxx service-set xxxxx service-filter xxxx
Wasn't that easy?
:-)
///Markus
--
Markus Åberg
Ericsson Finland
E-mail: markus.aberg at ericsson.com
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Uwe Sauerland
Sent: Thursday, April 14, 2005 20:17
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Juniper M7i NAT
Hello,
the Juniper M7i has the ASM module integrated.
We want to do static NAT service, and as far as I understood the documentation
a nat pool for each /32 we want to process must be created.
Per service set "only" 250 rule terms are allowed, which might be not enough
in the future.
How do I configured more than one service set on an interface? The router
accepts more, but answers with
[edit interfaces fe-0/3/0 unit 0 family inet service input]
'service-set bla'
Service will never be used without service filter on previous service-set
error: configuration check-out failed
How do I have to configure a service-filter in order to process also the
second service-set configured on that interface?
Currently it looks like:
unit 0 {
family inet {
service {
input {
service-set one;
service-set two;
}
output {
service-set one;
service-set two;
}
}
address 10.13.244.100/29 {
vrrp-group 10 {
virtual-address 10.13.244.102;
priority 250;
preempt;
accept-data;
}
}
}
}
Thanks for your answers!
Uwe
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list