[j-nsp] NAT for vrf-instance!

Gökhan Gümüş ggumus at gmail.com
Tue Jan 17 08:11:06 EST 2006


Hi to all,

I have a problem with NAT configuration (especially translation-type
destination-static) on a vrf-instance. I have two locations in a Layer 3 VPN,
and they also have Internet access with AS PIC2. They use illegal IPs in their
local networks, such as 192.168.10.0/24 and 192.168.20.0/24, and they are
NATted on my AS PIC and exit to the Internet. But our customer wants
everybody to be able to access my local server through "Remote Desktop" on
port 3389; its IP address is 192.168.10.6 (the server's IP address).

I must set a destination translation, but I think it doesn't work
properly. This is the configuration:





alev@fulya-M10i-re0> show configuration services nat pool Kisik_Balik
address 84.51.42.136/30;
port automatic;

alev@fulya-M10i-re0> show configuration services nat pool Kisik_Balik_2
--------------------> that is for accessing the local server and destination translation
address 84.51.42.141/32;

------------------------------------------------------------------------

alev@fulya-M10i-re0> show configuration services nat rule Kisik_Balik
match-direction input;
term 1 {
    then {
        translated {
            source-pool Kisik_Balik;
            translation-type source dynamic;
        }
    }
}

alev@fulya-M10i-re0> show configuration services nat rule Kisik_Balik_output

match-direction output;
term 1 {
    from {
        destination-address {
            192.168.10.6/32;
        }
        inactive: applications junos-http;
    }
    then {
        translated {
            destination-pool Kisik_Balik_2;
            translation-type destination static;
        }
    }
}

------------------------------------------------------------------------

alev@fulya-M10i-re0> show configuration services service-set Kisik_Balik

stateful-firewall-rules allow_all;
nat-rules Kisik_Balik;
nat-rules Kisik_Balik_output;
next-hop-service {
    inside-service-interface sp-0/2/0.39;
    outside-service-interface sp-0/2/0.40;
}

------------------------------------------------------------------------

alev@fulya-M10i-re0> show configuration interfaces sp-0/2/0.39
family inet;
service-domain inside;

alev@fulya-M10i-re0> show configuration interfaces sp-0/2/0.40
family inet;
service-domain outside;

------------------------------------------------------------------------

alev@fulya-M10i-re0> show configuration routing-instances Kisik
instance-type vrf;
interface at-1/2/0.64;
interface at-1/2/0.65;
interface sp-0/2/0.39;
route-distinguisher 84.51.0.2:109;
vrf-import Kisik_Import;
vrf-export Kisik_Export;
routing-options {
    static {
        route 192.168.10.0/24 next-hop 84.51.42.102;
        route 192.168.20.0/24 next-hop 84.51.42.106;
        route 0.0.0.0/0 next-hop sp-0/2/0.39;
    }
}

------------------------------------------------------------------------

In that situation my instance works properly and the locations can access the
Internet, but I want everybody to be able to access the local server (as defined
above).

Also, how can I test whether it is working or not? Must I type
"84.51.42.141" into my Windows Remote Desktop section to reach the local
server (192.168.10.6)?

Thanks and best regards


Gokhan Gumus JNCIA
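
An added example (not part of the original post): a small Python lint that flags a destination static term whose matched address is private while the address in its destination pool is public. It assumes Junos destination static NAT matches the pre-translation address in `from destination-address` and takes the post-translation address from the pool; the function names and the embedded config text are constructed from the statements in the post.

```python
import ipaddress
import re

# Constructed input: the pool and rule from the post, with closing braces added.
CONFIG = """
pool Kisik_Balik_2 {
    address 84.51.42.141/32;
}
rule Kisik_Balik_output {
    match-direction output;
    term 1 {
        from {
            destination-address {
                192.168.10.6/32;
            }
        }
        then {
            translated {
                destination-pool Kisik_Balik_2;
                translation-type destination static;
            }
        }
    }
}
"""

def pools(text):
    """Map each NAT pool name to its address prefix."""
    return {name: ipaddress.ip_network(addr, strict=False)
            for name, addr in re.findall(r"pool (\S+) \{\s*address (\S+);", text)}

def lint_destination_static(text):
    """Return (rule, matched, pool) for destination static rules that look swapped."""
    findings = []
    pool_map = pools(text)
    for rule, body in re.findall(r"rule (\S+) \{(.*?)\n\}", text, re.S):
        if "translation-type destination static" not in body:
            continue
        match = re.search(r"destination-address \{\s*(\S+);", body)
        pool = re.search(r"destination-pool (\S+);", body)
        if not (match and pool and pool.group(1) in pool_map):
            continue
        matched = ipaddress.ip_network(match.group(1), strict=False)
        target = pool_map[pool.group(1)]
        # Assumption: outside hosts address the public IP, so a private match is suspect.
        if matched.is_private and not target.is_private:
            findings.append((rule, str(matched), str(target)))
    return findings
```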

