[j-nsp] NAT

Ibariouen Khalid ibariouen.khalid at ericsson.com
Sun Mar 28 14:45:17 EDT 2010


Hi again,
Yes, it's the untrust interface;
I'm taking stats every morning and then clearing stats;
This means that during 24 hours I got around 1977 not nat vector. And it's confusing me.


BR/

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at shortestpathfirst.net] 
Sent: Sunday, 28 March 2010 17:49
To: Ibariouen Khalid; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] NAT

I take it that interface is your untrust interface?

Just out of curiosity, how long had those statistics been running when you pulled them up (i.e. when was the last time you cleared stats or rebooted the box)?  I would suggest clearing interface stats and letting it run for a few days to observe how much that counter increments, or just take a look at the delta between now and the last time you ran that command.  Has it gone up much or at all?

Stefan Fouant
------Original Message------
From: Ibariouen Khalid
To: Stefan Fouant
To: juniper-nsp at puck.nether.net
Subject: RE: [j-nsp]  NAT
Sent: Mar 28, 2010 10:59 AM


Hi
It's policy-based;
No session timeouts are configured.
BR/

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at shortestpathfirst.net] 
Sent: Sunday, 28 March 2010 16:57
To: Ibariouen Khalid; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] NAT

> -----Original Message-----
> From: Ibariouen Khalid [mailto:ibariouen.khalid at ericsson.com]
> Sent: Sunday, March 28, 2010 2:56 AM
> To: Stefan Fouant; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] NAT
> 
> 
> Hi Stefan
> Yes, I have PAT enabled.

Interface-based PAT or policy-based? Have you modified the session timeouts
for any protocols you are allowing through?

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
