[j-nsp] Few question about netscreen ISG 2000

lag0da at o2.pl lag0da at o2.pl
Tue Jul 10 12:54:14 EDT 2007 

Hi,
Thx for reply. I know this commands. I think that get xlate should be show me DIP utilization, but it is empty:
nsisg2000-> get xlate
xlate ctx in use: 0/75000, alloc failed: 0
ip              port   x_ip            x_port port_cnt dip_id ref_cnt
---------------------------------------------------------------------
nsisg2000->

But I know, that translating working and I have log in NSM Log Viewer.
I have problem, what set that get xlate command show me online utilization.

regards,

lag0da


---- Wiadomość Oryginalna ----
Od: Ariff Premji <premji at speakeasy.net>
Do:  <lag0da at o2.pl> <lag0da at o2.pl>
Kopia do:  <juniper-nsp at puck.nether.net>
Data: 10 lipca 2007 16:30
Temat: Re: [j-nsp] Few question about netscreen ISG 2000

> Not sure if many screenOS folks are on this list.  Hopefully this helps:
> 
> I think what you are look for is:
> 
>  > get interface <int> dip
> 
> This info is also available via snmp.
> 
> The other thing you may find interesting is the alarming on the fix- 
> port pool so that you (example below):
> 
>  > set dip alarm-raise 75 alarm-clear 50
> 
> Is this what you were looking for ?
> 
> 
> -Ariff
> 
> On Jul 9, 2007, at 1:04 PM, <lag0da at o2.pl> <lag0da at o2.pl> wrote:
> 
> > Hi,
> > I have ISG 2000 with ScreenOS 5.4.0r5.0.
> > I have few question:
> >
> > 1. How check statistic for DIP tranlations, I know  get counter  
> > flow, get dip, and get dip-in.
> > get dip show me only:
> >
> > nsisg2000-> get dip
> > Dip Id  Dip Low          Dip High         Interface       Attribute
> >    4    212.2.100.190    212.2.100.190    loopback.2      port-xlate
> >    5    212.2.100.191    212.2.100.191    loopback.2      fix-port
> >  142    212.2.100.142    212.2.100.142    ethernet4/2     port-xlate
> >  143    212.2.100.143    212.2.100.143    ethernet4/2     port-xlate
> >  180    212.2.100.180    212.2.100.180    ethernet4/2     port-xlate
> >  183    212.2.100.183    212.2.100.183    ethernet4/2     port-xlate
> >  184    212.2.100.184    212.2.100.184    ethernet4/2     port-xlate
> > Port-xlated dip stickness off
> > DIP pool utilization alarm: enabled, raise threshold 50%, clear  
> > threshold 40%
> >
> >
> > get dip-in is empty, I know that transation is use all time
> >
> >
> > nsisg2000-> get dip-in
> > Incoming dip entries in use: 0/25000, alloc failed: 0
> > D_IP            D_Port H_IP            H_Port Interface   DIP_Id  
> > Ref_Cnt Timeout
> > nsisg2000->
> >
> > How to set system to show me info about utilization dip ( get dip- 
> > in ). But I want utilization online, no grow up from clear counter.  
> > I want know how DIP is utilization.
> > Like in CheckPoint:
> >
> > FW[admin]# fw tab -s
> > HOST                  NAME                               ID #VALS  
> > #PEAK #SLINKS
> > localhost             connections                      8158 28804  
> > 82206  115122
> > localhost             fwx_alloc                        8187 29041  
> > 82260       0
> >
> > fwx_alloc this is utilization NAT table.
> >
> > 2. Is possible to use in ISG 2000 in GRE tunnel port adress  
> > translation ? When I check it I  see that in GRE tunnel only  
> > address is translated, not port. I have clients which use VPN  
> > client in GRE tunnel. I know that I can use many public address to  
> > fixed it , but I can not use this solution.
> >
> > Please help me if it possible.
> >
> > Best Regards,
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list