[j-nsp] Destination NAT with Junos 9.5

Alex alex.arseniev at gmail.com
Fri Jun 12 12:24:03 EDT 2009


Have you guys tried splitting NAT rules into multiple service-sets?
The limitation would be that only 1 service-filter can be specified to 
direct traffic into all service-sets.
rgds
Alex

----- Original Message ----- 
From: "陈江" <ilovebgp4 at gmail.com>
To: "Ben Dale" <bdale at comlinx.com.au>
Cc: "juniper-nsp" <juniper-nsp at puck.nether.net>
Sent: Thursday, June 11, 2009 7:12 AM
Subject: Re: [j-nsp] Destination NAT with Junos 9.5


> JUNOS 9.6 will increase the limitation to 256 and even more in future
> releases.
>
> On Thu, Jun 11, 2009 at 10:55 AM, Ben Dale <bdale at comlinx.com.au> wrote:
>
>> I have run into this issue in the past - one hack I have used to work
>> around it is to configure for example 8 rules of destination NAT and then
>> 8 rules of static NAT.  The static NAT takes away your ability to specify
>> port, but you could use policies to limit the traffic allowed through
>> (but not perform PAT though).
>>
>> Cheers,
>>
>> Ben
>>
>>
>>
>>
>> On 10/06/2009, at 11:10 PM, Alexander Shikoff wrote:
>>
>> Hello!
>>
>> I have J2320 with JunOS 9.5, one external interface with one IP-address.
>> I wish to make destination NAT for 12 different hosts in my internal
>> network,
>> for example
>> <external IP> port 5000         -> <local IP1> port 5000
>> <external IP> port 5001         -> <local IP2> port 5001
>> [...]
>>
>> But one rule-set can contain only 8 rules. If I split all 12 rules in
>> some rule-sets, then I get an error
>> "error: Destination NAT rule-set NAT-Prime and NAT-DOM have same context."
>>
>> Is there a way to solve this? Thanks.
>>
>> --
>> MINO-RIPE
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> -- 
> BR!
>
>
>
>          James Chen
> 


