[j-nsp] Configuring NAT on J2300

Harry Reynolds harry at juniper.net
Wed May 10 11:43:51 EDT 2006


Hmmm. Could there be a FW or filter blocking return traffic to .203?
Also, are you even seeing return traffic being generated at far end?
Maybe there is no route back causing discard of replies.

The CLI op and remote dump indicate PAT seems to be working.

Regards

 

> -----Original Message-----
> From: Chris Adams [mailto:cmadams at hiwaay.net] 
> Sent: Wednesday, May 10, 2006 8:41 AM
> To: Harry Reynolds
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Configuring NAT on J2300
> 
> Once upon a time, Harry Reynolds <harry at juniper.net> said:
> > I am not 100% sure, but believe you can use the IP assigned to the 
> > interfaces as a NAT pool. In fact, the j-series training material 
> > NAT/SFW lab does just this. AFAIK it still works, but I have not 
> > messed with it for over a year now.
> > 
> > What does the show services nat pool command display when you 
> > encounter the problem?
> 
> Working on .205:
> 
> admin at offgw> show services nat pool one-ip detail    
> Interface: sp-0/0/0, Service set: do-nat
>   NAT pool: one-ip, Translation type: dynamic
>     Address range: x.x.x.205-x.x.x.205
>     Port range: 512-65535, Ports in use: 1, Out of port errors: 0,
>     Max ports used: 8
> 
> Not working on .203:
> 
> admin at offgw> show services nat pool one-ip detail    
> Interface: sp-0/0/0, Service set: do-nat
>   NAT pool: one-ip, Translation type: dynamic
>     Address range: x.x.x.203-x.x.x.203
>     Port range: 512-65535, Ports in use: 1, Out of port errors: 0,
>     Max ports used: 8
> 
> If I dump the traffic at the far end, I see translated 
> traffic getting to the far end (e.g. if I "ssh remotehost" 
> from the private LAN while running tcpdump on "remotehost", I 
> see traffic from x.x.x.203).
> 
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services 
> I don't speak for anybody but myself - that's enough trouble.
> 


