[j-nsp] NAT on M120 with MS-PIC
OBrien, Will
ObrienH at missouri.edu
Sun Aug 14 21:11:16 EDT 2011
10.4r5 seems to need some additional tricks... At least on my mx. We also added a service filter to keep it from grabbing other traffic.
Will O'Brien
On Aug 14, 2011, at 6:12 PM, "Derick Winkworth" <dwinkworth at att.net> wrote:
> You need two rules actually, you have a rule for the "input" direction, you need
> a rule for the "output" direction as well...
>
> nat {
> pool 87 {
> address 41.72.x.86/32;
> }
> rule test-out {
> match-direction output;
> term t1 {
> from {
> destination-address {
> 41.72.y.254/32;
> }
> }
> then {
> translated {
> source-pool 87;
> translation-type {
> destination static;
> }
> }
> }
> }
> }
> }
>
>
> it'll look something like that... then add that rule to the service-set...
> Derick Winkworth
> CCIE #15672 (RS, SP), JNCIE-M #721
> http://blinking-network.blogspot.com
>
>
>
>
> ________________________________
> From: Mauritz Lewies <mauritz at three6five.com>
> To: juniper-nsp at puck.nether.net
> Sent: Sun, August 14, 2011 4:05:22 PM
> Subject: [j-nsp] NAT on M120 with MS-PIC
>
> Hi
>
> I have a M120 with Junos 10.4 R5.5 and a MS-PIC.
>
> I'm trying to get one-one static NAT working, but alas no success.
>
> This is the relevant config:
>
> root at ZMT-ZM-LMY-MSE-001-RE1> show configuration chassis
> redundancy {
> routing-engine 0 master;
> routing-engine 1 backup;
> failover {
> on-loss-of-keepalives;
> on-disk-failure;
> }
> graceful-switchover;
> }
> fpc 5 {
> pic 3 {
> adaptive-services {
> service-package layer-3;
> }
> }
> }
>
> {master}[edit services]
> root at ZMT-ZM-LMY-MSE-001-RE1# show
> service-set test {
> nat-rules test;
> interface-service
> service-interface sp-5/3/0
> }
> nat {
> pool 86 {
> address 41.72.y.254/32;
> }
> rule test {
> match-direction input;
> term t1 {
> from {
> source-address {
> 41.72.x.86/32;
> }
> }
> then {
> translated {
> source-pool 86;
> translation-type {
> source static;
> }
> }
> }
> }
> }
> }
>
> root at ZMT-ZM-LMY-MSE-001-RE1> show configuration interfaces ge-2/0/1.111
> vlan-id 111;
> family inet {
> sampling {
> input;
> output;
> }
> service {
> input {
> service-set test;
> }
> output {
> service-set test;
> }
> }
> address 41.72.x.26/30;
> }
>
> {master}
>
>
> But then this output:
>
> root at ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary
>
> Total number of address mappings: 0
> Total number of endpoint independent port mappings: 0
> Total number of endpoint independent filters: 0
>
> {master}
> root at ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary
>
> Total number of address mappings: 0
> Total number of endpoint independent port mappings: 0
> Total number of endpoint independent filters: 0
>
> {master}
> root at ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics interface ge-2/0/1.111
>
> {master}
> root at ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics
> Interface: sp-5/3/0
> error: This command is not supported on sp-5/3/0 interface
>
> {master}
>
> Any help?
>
> Regards,
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list