[j-nsp] Few question about netscreen ISG 2000

Ariff Premji premji at speakeasy.net
Tue Jul 10 10:30:58 EDT 2007 

Not sure if many screenOS folks are on this list.  Hopefully this helps:

I think what you are look for is:

 > get interface <int> dip

This info is also available via snmp.

The other thing you may find interesting is the alarming on the fix- 
port pool so that you (example below):

 > set dip alarm-raise 75 alarm-clear 50

Is this what you were looking for ?


-Ariff

On Jul 9, 2007, at 1:04 PM, <lag0da at o2.pl> <lag0da at o2.pl> wrote:

> Hi,
> I have ISG 2000 with ScreenOS 5.4.0r5.0.
> I have few question:
>
> 1. How check statistic for DIP tranlations, I know  get counter  
> flow, get dip, and get dip-in.
> get dip show me only:
>
> nsisg2000-> get dip
> Dip Id  Dip Low          Dip High         Interface       Attribute
>    4    212.2.100.190    212.2.100.190    loopback.2      port-xlate
>    5    212.2.100.191    212.2.100.191    loopback.2      fix-port
>  142    212.2.100.142    212.2.100.142    ethernet4/2     port-xlate
>  143    212.2.100.143    212.2.100.143    ethernet4/2     port-xlate
>  180    212.2.100.180    212.2.100.180    ethernet4/2     port-xlate
>  183    212.2.100.183    212.2.100.183    ethernet4/2     port-xlate
>  184    212.2.100.184    212.2.100.184    ethernet4/2     port-xlate
> Port-xlated dip stickness off
> DIP pool utilization alarm: enabled, raise threshold 50%, clear  
> threshold 40%
>
>
> get dip-in is empty, I know that transation is use all time
>
>
> nsisg2000-> get dip-in
> Incoming dip entries in use: 0/25000, alloc failed: 0
> D_IP            D_Port H_IP            H_Port Interface   DIP_Id  
> Ref_Cnt Timeout
> nsisg2000->
>
> How to set system to show me info about utilization dip ( get dip- 
> in ). But I want utilization online, no grow up from clear counter.  
> I want know how DIP is utilization.
> Like in CheckPoint:
>
> FW[admin]# fw tab -s
> HOST                  NAME                               ID #VALS  
> #PEAK #SLINKS
> localhost             connections                      8158 28804  
> 82206  115122
> localhost             fwx_alloc                        8187 29041  
> 82260       0
>
> fwx_alloc this is utilization NAT table.
>
> 2. Is possible to use in ISG 2000 in GRE tunnel port adress  
> translation ? When I check it I  see that in GRE tunnel only  
> address is translated, not port. I have clients which use VPN  
> client in GRE tunnel. I know that I can use many public address to  
> fixed it , but I can not use this solution.
>
> Please help me if it possible.
>
> Best Regards,
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list