[j-nsp] NAT configuration restrictions....
Derick Winkworth
dwinkworth at att.net
Mon Aug 11 21:41:51 EDT 2008
I wanted to bring this back up again to see if anyone at Juniper can
shed some light on why this restriction exists and if there are any
plans to fix it?
I ask because it seems this restriction is true even across logical
routers (since there is no "services" configuration sub-tree under the
logical router configuration)?
It just seems so unnecessary to me. Surely there is a better way of
doing this? At least allow the re-use of a pool across
routing-instances and logical routers?
Wink wrote:
> In the AJRE student guide on page 6-21, it says that sessions are
> tracked in one of two ways:
>
> 1. Per-service-set (interface-style service-sets)
> 2. Per-interface (next-hop-style service-sets)
>
> Then in the Services Interfaces Configuration Guide (in the technical
> documentation section Juniper's web site), it says this about
> source-static translations:
>
> #######
> Any addresses in the pool that are not matched in the source-address
> value remain unused, because a pool cannot be
> shared among multiple terms or rules.
> ########
>
>
>
> I can understand not having:
>
> (a) the same pool reused across multiple terms in the same rule
> (b) the same pool reused across rules in the same rule-set
> (c) the same pool reused across rule-sets in the same service-set
>
>
> What I can not understand is that if #1 and #2 at the top of this
> e-mail are true... Why can't we have the same pool referenced in two
> different rules that are in different service-sets? The pool would
> not matter at that point because sessions are tracked by interface not
> by the pool.
>
> Am I missing something?
>
>
>
>
> Message Posted at:
> http://www.groupstudy.com/form/read.php?f=9&i=5570&t=5570
> --------------------------------------------------
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/juniper.html
>
>
>
More information about the juniper-nsp
mailing list