[j-nsp] Few question about netscreen ISG 2000
premji at speakeasy.net
Tue Jul 10 18:02:23 EDT 2007
Port translation will not show utilization because theoretically, you
have 65535 sessions per public IP (assuming you started with a class-
B on the public side). Utilization only applies to fix-port.
On Jul 10, 2007, at 9:54 AM, lag0da at o2.pl wrote:
> Thx for reply. I know this commands. I think that get xlate should
> be show me DIP utilization, but it is empty:
> nsisg2000-> get xlate
> xlate ctx in use: 0/75000, alloc failed: 0
> ip port x_ip x_port port_cnt dip_id ref_cnt
> But I know, that translating working and I have log in NSM Log Viewer.
> I have problem, what set that get xlate command show me online
> ---- Wiadomość Oryginalna ----
> Od: Ariff Premji <premji at speakeasy.net>
> Do: <lag0da at o2.pl> <lag0da at o2.pl>
> Kopia do: <juniper-nsp at puck.nether.net>
> Data: 10 lipca 2007 16:30
> Temat: Re: [j-nsp] Few question about netscreen ISG 2000
>> Not sure if many screenOS folks are on this list. Hopefully this
>> I think what you are look for is:
>>> get interface <int> dip
>> This info is also available via snmp.
>> The other thing you may find interesting is the alarming on the fix-
>> port pool so that you (example below):
>>> set dip alarm-raise 75 alarm-clear 50
>> Is this what you were looking for ?
>> On Jul 9, 2007, at 1:04 PM, <lag0da at o2.pl> <lag0da at o2.pl> wrote:
>>> I have ISG 2000 with ScreenOS 5.4.0r5.0.
>>> I have few question:
>>> 1. How check statistic for DIP tranlations, I know get counter
>>> flow, get dip, and get dip-in.
>>> get dip show me only:
>>> nsisg2000-> get dip
>>> Dip Id Dip Low Dip High Interface Attribute
>>> 4 126.96.36.199 188.8.131.52 loopback.2 port-xlate
>>> 5 184.108.40.206 220.127.116.11 loopback.2 fix-port
>>> 142 18.104.22.168 22.214.171.124 ethernet4/2 port-xlate
>>> 143 126.96.36.199 188.8.131.52 ethernet4/2 port-xlate
>>> 180 184.108.40.206 220.127.116.11 ethernet4/2 port-xlate
>>> 183 18.104.22.168 22.214.171.124 ethernet4/2 port-xlate
>>> 184 126.96.36.199 188.8.131.52 ethernet4/2 port-xlate
>>> Port-xlated dip stickness off
>>> DIP pool utilization alarm: enabled, raise threshold 50%, clear
>>> threshold 40%
>>> get dip-in is empty, I know that transation is use all time
>>> nsisg2000-> get dip-in
>>> Incoming dip entries in use: 0/25000, alloc failed: 0
>>> D_IP D_Port H_IP H_Port Interface DIP_Id
>>> Ref_Cnt Timeout
>>> How to set system to show me info about utilization dip ( get dip-
>>> in ). But I want utilization online, no grow up from clear counter.
>>> I want know how DIP is utilization.
>>> Like in CheckPoint:
>>> FW[admin]# fw tab -s
>>> HOST NAME ID #VALS
>>> #PEAK #SLINKS
>>> localhost connections 8158 28804
>>> 82206 115122
>>> localhost fwx_alloc 8187 29041
>>> 82260 0
>>> fwx_alloc this is utilization NAT table.
>>> 2. Is possible to use in ISG 2000 in GRE tunnel port adress
>>> translation ? When I check it I see that in GRE tunnel only
>>> address is translated, not port. I have clients which use VPN
>>> client in GRE tunnel. I know that I can use many public address to
>>> fixed it , but I can not use this solution.
>>> Please help me if it possible.
>>> Best Regards,
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
More information about the juniper-nsp