[j-nsp] Configuring NAT on J2300

Chris Adams cmadams at hiwaay.net
Wed May 10 11:56:34 EDT 2006

Once upon a time, Harry Reynolds <harry at juniper.net> said:
> Hmmm. Could there be a FW or filter blocking return traffic to .203?

No, no firewall configured on the router (firewall in front of this LAN
allows returning traffic to the whole /24).

> Also, are you even seeing return traffic being generated at far end?
> Maybe there is no route back causing discard of replies.
> The cli op, and remote dump indicates PAT seems to be working.

Outbound it is working; from what I can tell, the J2300 is not
translating returning traffic back to the private IPs, but only when the
pool IP is the same as the interface IP.

Just to make sure there's no difference between the .203 and .205
addresses, I swapped them in the J2300 (made .205 the public IP and .203
the pool IP), and that works.  If I then try to use .205 as both, it
doesn't work.


- interface IP: .203, pool IP: .205  --  works
- interface IP: .205, pool IP: .203  --  works

- interface IP: .203, pool IP: .203  --  fails
- interface IP: .205, pool IP: .205  --  fails

Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the juniper-nsp mailing list