[j-nsp] Few question about netscreen ISG 2000

Premji premji at speakeasy.net
Tue Jul 10 18:02:23 EDT 2007


Hi,
Port translation will not show utilization because theoretically, you
have 65535 sessions per public IP (assuming you started with a class-B
on the public side).  Utilization only applies to fix-port.

-Ariff

On Jul 10, 2007, at 9:54 AM, lag0da at o2.pl wrote:

> Hi,
> Thanks for the reply. I know these commands. I think that get xlate
> should show me DIP utilization, but it is empty:
> nsisg2000-> get xlate
> xlate ctx in use: 0/75000, alloc failed: 0
> ip              port   x_ip            x_port port_cnt dip_id ref_cnt
> ---------------------------------------------------------------------
> nsisg2000->
>
> But I know that translation is working, and I have logs in NSM Log Viewer.
> My problem is what to set so that the get xlate command shows me online
> utilization.
>
> regards,
>
> lag0da
>
>
> ---- Original Message ----
> From: Ariff Premji <premji at speakeasy.net>
> To:  <lag0da at o2.pl> <lag0da at o2.pl>
> Cc:  <juniper-nsp at puck.nether.net>
> Date: 10 July 2007 16:30
> Subject: Re: [j-nsp] Few question about netscreen ISG 2000
>
>> Not sure if many screenOS folks are on this list.  Hopefully this  
>> helps:
>>
>> I think what you are looking for is:
>>
>>> get interface <int> dip
>>
>> This info is also available via snmp.
>>
>> The other thing you may find interesting is the alarming on the fix-
>> port pool so that you (example below):
>>
>>> set dip alarm-raise 75 alarm-clear 50
>>
>> Is this what you were looking for ?
>>
>>
>> -Ariff
>>
>> On Jul 9, 2007, at 1:04 PM, <lag0da at o2.pl> <lag0da at o2.pl> wrote:
>>
>>> Hi,
>>> I have ISG 2000 with ScreenOS 5.4.0r5.0.
>>> I have a few questions:
>>>
>>> 1. How do I check statistics for DIP translations? I know get counter
>>> flow, get dip, and get dip-in.
>>> get dip shows me only:
>>>
>>> nsisg2000-> get dip
>>> Dip Id  Dip Low          Dip High         Interface       Attribute
>>>    4    212.2.100.190    212.2.100.190    loopback.2      port-xlate
>>>    5    212.2.100.191    212.2.100.191    loopback.2      fix-port
>>>  142    212.2.100.142    212.2.100.142    ethernet4/2     port-xlate
>>>  143    212.2.100.143    212.2.100.143    ethernet4/2     port-xlate
>>>  180    212.2.100.180    212.2.100.180    ethernet4/2     port-xlate
>>>  183    212.2.100.183    212.2.100.183    ethernet4/2     port-xlate
>>>  184    212.2.100.184    212.2.100.184    ethernet4/2     port-xlate
>>> Port-xlated dip stickness off
>>> DIP pool utilization alarm: enabled, raise threshold 50%, clear threshold 40%
>>>
>>>
>>> get dip-in is empty; I know that translation is in use all the time
>>>
>>>
>>> nsisg2000-> get dip-in
>>> Incoming dip entries in use: 0/25000, alloc failed: 0
>>> D_IP            D_Port H_IP            H_Port Interface   DIP_Id Ref_Cnt Timeout
>>> nsisg2000->
>>>
>>> How do I set the system to show me info about DIP utilization (get
>>> dip-in)? But I want online utilization, not counters growing since the
>>> last clear. I want to know how much the DIP is utilized.
>>> Like in CheckPoint:
>>>
>>> FW[admin]# fw tab -s
>>> HOST                  NAME                               ID #VALS #PEAK #SLINKS
>>> localhost             connections                      8158 28804 82206  115122
>>> localhost             fwx_alloc                        8187 29041 82260       0
>>>
>>> fwx_alloc is the utilization of the NAT table.
>>>
>>> 2. Is it possible to use port address translation in a GRE tunnel on
>>> the ISG 2000? When I check it, I see that in the GRE tunnel only the
>>> address is translated, not the port. I have clients which use a VPN
>>> client in a GRE tunnel. I know that I can use many public addresses to
>>> fix it, but I cannot use this solution.
>>>
>>> Please help me if it is possible.
>>>
>>> Best Regards,
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
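
Added example, not part of the original thread or of ScreenOS: a small Python poller that reads the "in use: N/M, alloc failed: K" summary line shown by `get xlate` and `get dip-in` above and applies the raise/clear thresholds from `set dip alarm-raise 75 alarm-clear 50` to it. The names `parse_summary` and `TableWatch` are hypothetical, the hysteresis semantics are an assumption, how the CLI text is collected is left out, and all samples after the first are constructed.

```python
import re

# Summary line printed by `get xlate` and `get dip-in` in the thread, e.g.
# "xlate ctx in use: 0/75000, alloc failed: 0"
SUMMARY = re.compile(
    r"^(?P<name>.+?) in use:\s*(?P<used>\d+)/(?P<cap>\d+),"
    r"\s*alloc failed:\s*(?P<failed>\d+)$")

def parse_summary(cli_output):
    """Return (table name, used, capacity, alloc_failed) from CLI text."""
    for line in cli_output.splitlines():
        m = SUMMARY.match(line.strip())
        if m:
            return m["name"], int(m["used"]), int(m["cap"]), int(m["failed"])
    raise ValueError("no 'in use: N/M, alloc failed: K' line found")

class TableWatch:
    """Hypothetical poller state: raise/clear hysteresis plus failure delta."""
    def __init__(self, raise_pct=75, clear_pct=50):
        self.raise_pct, self.clear_pct = raise_pct, clear_pct
        self.alarmed = False
        self.last_failed = None

    def update(self, cli_output):
        _, used, cap, failed = parse_summary(cli_output)
        pct = round(100.0 * used / cap, 1) if cap else 0.0
        events = []
        # Assumed semantics: raise at or above raise_pct, clear at or below clear_pct.
        if not self.alarmed and pct >= self.raise_pct:
            self.alarmed = True
            events.append("raise")
        elif self.alarmed and pct <= self.clear_pct:
            self.alarmed = False
            events.append("clear")
        # A growing "alloc failed" counter means translations were refused.
        if self.last_failed is not None and failed > self.last_failed:
            events.append("alloc-failed")
        self.last_failed = failed
        return pct, events

# First sample is the output quoted in the thread; the rest are constructed.
THREAD_SAMPLE = "nsisg2000-> get xlate\nxlate ctx in use: 0/75000, alloc failed: 0\n"
CONSTRUCTED = [
    "xlate ctx in use: 60000/75000, alloc failed: 0",
    "xlate ctx in use: 45000/75000, alloc failed: 0",
    "xlate ctx in use: 30000/75000, alloc failed: 3",
]

if __name__ == "__main__":
    watch = TableWatch()
    for sample in [THREAD_SAMPLE] + CONSTRUCTED:
        print(watch.update(sample))
```

Polling the live table size this way gives a current reading rather than a counter that grows from the last clear, and the "alloc failed" delta flags exhaustion even between polls.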


