I've got a problem with NAT on an M10i with Junos 10.4. Simple PNAP interface, works fine for TCP and UDP. Doesn't work for PPTP or IPSEC. Way back in my mind I remember something about having to create a second nat rule without port mapping, but its not working. I'm pretty sure I'm forgetting something here. Can someone spare a 2x4 and clue me over the head?
---yes, I know that the filters in the configuration below aren't active.
Here's the configuration now:
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
ge-0/1/0 {
unit 0 {
family inet {
service {
input {
service-set NAT;
}
output {
service-set NAT;
}
}
address 192.168.2.1/24;
}
}
}
sp-0/3/0 {
unit 0 {
family inet;
}
}
….
firewall {
filter UNTRUST-IN {
term ICMP {
from {
destination-address {
192.168.2.1/4;
}
protocol icmp;
}
then accept;
}
term EVERYTHING-ELSE {
then {
discard;
}
}
}
filter TRUST-OUT {
term IPOUT {
from {
source-address {
192.168.1.0/24;
}
destination-address {
0.0.0.0/0;
}
}
then accept;
}
}
}
services {
service-set NAT {
nat-rules Outbound;
interface-service {
service-interface sp-0/3/0.0;
}
}
nat {
pool NATPOOL {
address 192.168.2.3/32
port {
automatic;
}
}
pool GRE-NATPOOL {
address 192.168.2.3/32
}
rule Outbound {
match-direction output;
term PPTP_VPNs {
from {
source-address {
192.168.1.0/24;
}
applications GRE-PPTP;
}
then {
translated {
source-pool GRE-NATPOOL;
translation-type {
source dynamic;
}
}
}
}
term Else {
from {
source-address {
192.168.1.0/24;
}
}
then {
translated {
source-pool NATPOOL;
translation-type {
source dynamic;
}
}
}
}
}
}
adaptive-services-pics {
traceoptions {
flag all;
}
}
}
applications {
application GRE-PPTP {
protocol gre;
}
}
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness