[j-nsp] Few question about netscreen ISG 2000

Mon Jul 9 16:04:26 EDT 2007

Hi,
I have ISG 2000 with ScreenOS 5.4.0r5.0.
I have few question:

1. How check statistic for DIP tranlations, I know  get counter flow, get dip, and get dip-in.
get dip show me only:

nsisg2000-> get dip
Dip Id  Dip Low          Dip High         Interface       Attribute
   4    212.2.100.190    212.2.100.190    loopback.2      port-xlate
   5    212.2.100.191    212.2.100.191    loopback.2      fix-port
 142    212.2.100.142    212.2.100.142    ethernet4/2     port-xlate
 143    212.2.100.143    212.2.100.143    ethernet4/2     port-xlate
 180    212.2.100.180    212.2.100.180    ethernet4/2     port-xlate
 183    212.2.100.183    212.2.100.183    ethernet4/2     port-xlate
 184    212.2.100.184    212.2.100.184    ethernet4/2     port-xlate
Port-xlated dip stickness off
DIP pool utilization alarm: enabled, raise threshold 50%, clear threshold 40%

get dip-in is empty, I know that transation is use all time

nsisg2000-> get dip-in
Incoming dip entries in use: 0/25000, alloc failed: 0
D_IP            D_Port H_IP            H_Port Interface   DIP_Id Ref_Cnt Timeout
nsisg2000->

How to set system to show me info about utilization dip ( get dip-in ). But I want utilization online, no grow up from clear counter. I want know how DIP is utilization.
Like in CheckPoint:

FW[admin]# fw tab -s
HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             connections                      8158 28804 82206  115122
localhost             fwx_alloc                        8187 29041 82260       0

fwx_alloc this is utilization NAT table.

2. Is possible to use in ISG 2000 in GRE tunnel port adress translation ? When I check it I  see that in GRE tunnel only address is translated, not port. I have clients which use VPN client in GRE tunnel. I know that I can use many public address to fixed it , but I can not use this solution.

Please help me if it possible.

Best Regards, 