[j-nsp] nat - non-inline - service card ms-mic-16G in mx104

Aaron aaron1 at gvtc.com
Tue Mar 8 14:28:53 EST 2016 

Alexander, you're awesome J

 

Thanks, that's all I needed!

 

Also, I had to realize the CGNAT Day One doc that I've been reading since
it's based on the MS-DPC, the show service nat mapping detail doesn't work
either, but apparently the mx104 with ms-mic uses show services
stateful-firewall flows is what I needed to use to see flows.

 

Aaron

 

From: Alexander Arseniev [mailto:arseniev at btinternet.com] 
Sent: Tuesday, March 8, 2016 10:36 AM
To: Aaron <aaron1 at gvtc.com>; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] nat - non-inline - service card ms-mic-16G in mx104

 

Hello,
MS-MIC service interfaces are called ms-*, not sp-*.
Also, You don't need these lines with MS-MIC:




set chassis fpc 1 pic 0 adaptive-services service-package layer-3
set interfaces sp-1/0/0 services-options cgn-pic
 


And the recommended JUNOS version for MS-MIC CGNAT is 14.2R5 or newer.
Thx
Alex

On 08/03/2016 17:21, Aaron wrote:

Anybody know what I'm doing wrong ?  I can't seem to get nat to work.  I'm
trying to do v4 to v4 with port translation (NAPT-44) using NON-inline nat.
so I'm using an MX104 with a MS-MIC-16G
 
 
 
FPC 1                     BUILTIN      BUILTIN           MPC BUILTIN
 
  MIC 0          REV 17   750-123456   123456          MS-MIC-16G
 
    PIC 0                 BUILTIN      BUILTIN           MS-MIC-16G
 
 
 
My config currently..
 
 
 
Ge-1/3/1 is my nat inside interface
 
Ge-1/3/2 is my nat outside interface
 
 
 
root> show configuration | display set
 
set version 13.3R6.5
 
set system root-authentication encrypted-password "removed"
 
set system syslog user * any emergency
 
set system syslog file messages any notice
 
set system syslog file messages authorization info
 
set system syslog file interactive-commands interactive-commands any
 
set chassis fpc 1 pic 0 adaptive-services service-package layer-3
 
set services service-set sset2 nat-rules rule1
 
set services service-set sset2 interface-service service-interface sp-1/0/0
 
set services nat pool nat1 address 1.2.3.0/25
 
set services nat pool nat1 port automatic auto
 
set services nat rule rule1 match-direction input
 
set services nat rule rule1 term other1 from source-address-range low
9.9.9.1 high 9.9.9.100
 
set services nat rule rule1 term other1 then translated source-pool nat1
 
set services nat rule rule1 term other1 then translated translation-type
napt-44
 
set interfaces sp-1/0/0 description "cgn interface"
 
set interfaces sp-1/0/0 services-options cgn-pic
 
set interfaces sp-1/0/0 unit 0 family inet
 
set interfaces ge-1/3/0 disable
 
set interfaces ge-1/3/1 description private
 
set interfaces ge-1/3/1 speed 100m
 
set interfaces ge-1/3/1 unit 0 family inet service input service-set sset2
 
set interfaces ge-1/3/1 unit 0 family inet service output service-set sset2
 
set interfaces ge-1/3/1 unit 0 family inet address 10.144.1.5/30
 
set interfaces ge-1/3/2 description public
 
set interfaces ge-1/3/2 speed 100m
 
set interfaces ge-1/3/2 unit 0 family inet address 10.144.2.5/30
 
set routing-options static route 9.9.9.0/24 next-hop 10.144.1.6
 
 
 
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
<mailto:juniper-nsp at puck.nether.net> 
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list