[j-nsp] mx80 napt-44 with ms-mic on 13.2R5

Alexander Arseniev arseniev at btinternet.com
Wed Sep 24 05:13:00 EDT 2014 

napt44 is most definitely is supported on MS-MIC
http://www.juniper.net/techpubs/en_US/junos13.2/topics/reference/general/nat-implementations-feature-comparison.html 

What is not supported is "no-translation" knob.
Please change Your config to (rough cut):
1/ delete term-1, and
2/ change term-2 to:

+              term term-2 {
+                  from {
+                      source-address {
+                          10.0.0.0/8;
+                      }
+                      destination-address {
+                          0.0.0.0/0;
+                          10.0.0.0/8 except;
+                      }
+                  }
+                  then {
+                      translated {
+                          source-pool NP2;
+                          translation-type {
+                              napt-44;
+                          }

- then re-test and report back please.
Thanks
Alex

On 24/09/2014 06:47, ryanL wrote:
> has anyone been successful here? i'm getting the following error, even
> though juniper's docs seem to indicate this is supported on the ms-mic with
> 13.2.
>
> my ref guides are:
> http://www.juniper.net/techpubs/en_US/junos13.2/information-products/topic-collections/config-guide-services/index.html?features-ms-mic.html
> http://www.juniper.net/techpubs/en_US/junos13.2/topics/example/nat-nat44-config-ms-mpc.html
>
> ry at iad1-er2# show | compare
> [edit]
> +  services {
> +      service-set SSET1 {
> +          nat-rules NAT-RULE1;
> +          interface-service {
> +              service-interface ms-0/2/0;
> +          }
> +      }
> +      nat {
> +          pool NP2 {
> +              address <pub_space>/28;
> +              port {
> +                  automatic;
> +              }
> +          }
> +          rule NAT-RULE1 {
> +              match-direction input;
> +              term term-1 {
> +                  from {
> +                      source-address {
> +                          10.0.0.0/8;
> +                      }
> +                      destination-address {
> +                          10.0.0.0/8;
> +                      }
> +                  }
> +                  then {
> +                      no-translation;
> +                  }
> +              }
> +              term term-2 {
> +                  from {
> +                      source-address {
> +                          10.0.0.0/8;
> +                      }
> +                  }
> +                  then {
> +                      translated {
> +                          source-pool NP2;
> +                          translation-type {
> +                              napt-44;
> +                          }
> +                      }
> +                  }
> +              }
> +          }
> +      }
> +  }
> [edit interfaces]
> +   ms-0/2/0 {
> +       unit 0 {
> +           family inet;
> +       }
> +   }
>
> [edit]
> ry at iad1-er2# commit check
> [edit services]
>    'service-set SSET1'
>      translation type not supported on ms-interface
> error: configuration check-out failed
>
> [edit]
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list