[j-nsp] NAT on M120 with MS-PIC

Derick Winkworth dwinkworth at att.net
Sun Aug 14 19:11:22 EDT 2011 

You need two rules actually, you have a rule for the "input" direction, you need 
a rule for the "output" direction as well...  

nat {
    pool 87 {
        address 41.72.x.86/32;
    }
    rule test-out {
        match-direction output;
        term t1 {
            from {
                destination-address {
                    41.72.y.254/32;
                }
            }
            then {
                translated {
                    source-pool 87;
                    translation-type {
                        destination static;
                    }
                }
            }
        }
    }
}
 

it'll look something like that... then add that rule to the service-set...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com




________________________________
From: Mauritz Lewies <mauritz at three6five.com>
To: juniper-nsp at puck.nether.net
Sent: Sun, August 14, 2011 4:05:22 PM
Subject: [j-nsp] NAT on M120 with MS-PIC

Hi

I have a M120 with Junos 10.4 R5.5 and a MS-PIC.

I'm trying to get one-one static NAT working, but alas no success.

This is the relevant config:

root at ZMT-ZM-LMY-MSE-001-RE1> show configuration chassis
redundancy {
    routing-engine 0 master;
    routing-engine 1 backup;
    failover {
        on-loss-of-keepalives;
        on-disk-failure;
    }
    graceful-switchover;
}
fpc 5 {
    pic 3 {
        adaptive-services {
            service-package layer-3;
        }
    }
}

{master}[edit services]
root at ZMT-ZM-LMY-MSE-001-RE1# show
service-set test {
    nat-rules test;
    interface-service 
    service-interface sp-5/3/0
}
nat {
    pool 86 {
        address 41.72.y.254/32;
    }
    rule test {
        match-direction input;
        term t1 {
            from {
                source-address {
                    41.72.x.86/32;
                }
            }
            then {
                translated {
                    source-pool 86;
                    translation-type {
                        source static;
                    }
                }
            }
        }
    }
}

root at ZMT-ZM-LMY-MSE-001-RE1> show configuration interfaces ge-2/0/1.111
vlan-id 111;
family inet {
    sampling {
        input;
        output;
    }
    service {
        input {
            service-set test;
        }
        output {
            service-set test;
        }
    }
    address 41.72.x.26/30;
}

{master}


But then this output:

root at ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary

Total number of address mappings:                           0
Total number of endpoint independent port mappings:         0
Total number of endpoint independent filters:               0

{master}
root at ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary

Total number of address mappings:                           0
Total number of endpoint independent port mappings:         0
Total number of endpoint independent filters:               0

{master}
root at ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics interface ge-2/0/1.111

{master}
root at ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics
Interface: sp-5/3/0
error: This command is not supported on sp-5/3/0 interface

{master}

Any help?

Regards,

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list