[j-nsp] Destination NAT with Junos 9.5

Alexander Shikoff minotaur at crete.org.ua
Thu Jun 11 03:49:00 EDT 2009


On Thu, Jun 11, 2009 at 02:12:58PM +0800, ?????? wrote:
> JUNOS 9.6 will increase the limitation to 256 and even more in a future
> release.

A guy from the J-Net Community forum told me that the limit will be increased
in 9.5R2. Juniper plans to release it at the end of the current month.
My interest is more about the impossibility of using some rule-sets rather
than the limitation of 8 rules. I didn't find any info about rule-set contexts
in the docs for 9.5.

If I understand correctly, "context" is defined by 'from' in
[edit security nat destination rule-set]. Thus, if two rule-sets
have the same 'from' configuration, then they are in the same context
and "error: Destination NAT rule-set ... and ... have same context."
occurs. And this limitation looks strange to me as an end-user.

The second annoying issue: under [edit security nat destination rule-set ... rule ...]
'match destination-port' can contain only one port number. I.e. due
to this issue I waste rules instead of placing all needful port numbers 
in one clause.

I don't know yet whether this behavior will be changed in 9.5R2.

-- 
MINO-RIPE

