[rbak-nsp] SE400 + CLIPS + NAT + ? MTU ?? problem
Golem
golem at mtm-info.pl
Tue Dec 3 11:04:25 EST 2013
Hello Kuba,
This is because NAT starts translation from low ports like 1-1024.
These ports are reserved on some systems.
Try adding:
ip nat pool ......
address (your public ip) port-block 1 to 15
Tuesday, December 3, 2013, 4:00:18 PM, you wrote:
> Hi
> I set up a CLIPS context on an SE400
> Redback Networks SmartEdge OS Version SEOS-6.2.1.9.46-Release
> and all is running more or less OK - except some websites.
> http://www.speedtest.pl/ or http://yahoo.com cannot be displayed.
> I cannot figure out what is wrong. It looks like an MTU problem - but how
> can it be an MTU problem in CLIPS?
> When I switch the user to an external IP address - not using NAT - everything
> works PERFECT.
> I had the same problem in the PPPOE context but it was solved using
> interface LAN_PPPOE multibind
> ip address 10.192.255.254/16
> ip mtu 1460
> ip clear-df
> ip tcp mss replace 1420
> Does anyone have any ideas - please?
> context CLIPS
> !
> no ip domain-lookup
> !
> ip nat pool NAT_POOL napt multibind
> address 199.189.55.161/32 port-block 0 to 15
> !
> ip nat pool NAT_POOL_2 napt multibind
> address 199.189.55.162/32 port-block 0 to 15
> nat policy nat-policy
> ! Default class
> ignore
> endpoint-independent filtering udp
> ! Named classes
> access-group ACL_NAT
> class ACL_NAT10
> pool NAT_POOL CLIPS
> timeout tcp 3600
> timeout udp 60
> timeout fin-reset 60
> timeout icmp 30
> timeout syn 60
> admission-control tcp
> admission-control udp
> admission-control icmp
> endpoint-independent filtering udp
> class NO_NAT
> ignore
> class DNAT_53
> pool NAT_POOL CLIPS
> destination 8.8.8.8
> class ACL_NAT20
> pool NAT_POOL_2 CLIPS
> timeout tcp 3600
> timeout udp 60
> timeout fin-reset 60
> timeout icmp 30
> timeout syn 60
> admission-control tcp
> admission-control udp
> admission-control icmp
> endpoint-independent filtering udp
> interface LAN multibind
> description CLIPS LAN
> ip address 10.99.255.254/16
> dhcp server interface
> ip arp proxy-arp
> interface EXT-LAN multibind
> description CLIPS EXTERNAL ADDRESSES
> ip address 194.183.55.185/29
> dhcp server interface
> ip clear-df
> interface loopCLIPS loopback
> ip address 199.189.55.132/32
> ip source-address radius
> no logging console
> !
> policy access-list ACL_NAT
> seq 1 permit ip 10.99.0.0 0.0.255.255 host 66.66.66.66 class NO_NAT
> seq 10 permit ip 10.99.0.0 0.0.0.255 any class ACL_NAT10
> seq 20 permit ip 10.99.1.0 0.0.0.255 any class ACL_NAT20
> subscriber default
> port-limit 1
> qos policy policing PPPoE_upload
> qos policy metering PPPoE_download
> nat policy-name nat-policy
> dhcp max-addrs 1
> dns primary 8.8.8.8
> dns secondary 8.8.4.4
> session-limit agent-remote-id 1
> ip route 0.0.0.0/0 context BGP
> service telnet client
> !
> dhcp server policy
> nak-on-subnet-deletion
> offer-lease-time 300
> default-lease-time 180
> maximum-lease-time 180
> subnet 10.99.0.0/16
> range 10.99.0.100 10.99.255.100
> option subnet-mask 255.255.0.0
> option router 10.99.255.254
> option domain-name-server 8.8.8.8
> subnet 199.189.55.184/29
> range 1 199.189.55.186 194.183.55.190
> option subnet-mask 255.255.255.248
> option router 199.189.55.185
> option domain-name-server 8.8.8.8
--
Best regards,
Ozga Rafal mailto:golem at mtm-info.pl
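
A check for the condition the reply describes, as an added example that is not part of the original message: it reads `ip nat pool` stanzas and flags any NAPT pool whose port-block range reaches down into the reserved ports below 1024. It assumes the 16 port blocks (0 to 15) split the 65536 ports evenly, 4096 per block, which the thread does not state; the function name and the sample addresses are constructed.

```python
import re

# Assumption (not stated in the thread): blocks 0-15 each cover 4096 ports.
PORTS_PER_BLOCK = 65536 // 16
RESERVED_MAX = 1023  # highest well-known/reserved port

# Constructed sample in the style of the quoted configuration.
SAMPLE = """\
ip nat pool NAT_POOL napt multibind
address 192.0.2.161/32 port-block 0 to 15
!
ip nat pool NAT_POOL_2 napt multibind
address 192.0.2.162/32 port-block 1 to 15
"""

POOL_RE = re.compile(r"^ip nat pool (\S+)")
ADDR_RE = re.compile(r"^address (\S+) port-block (\d+) to (\d+)\s*$")


def audit_napt_pools(config_text):
    """Return one finding per pool address line with its translated port range."""
    findings = []
    pool = None
    for raw in config_text.splitlines():
        # Tolerate indentation and e-mail quoting ('> ') in pasted configs.
        line = re.sub(r"^[>\s]+", "", raw)
        m = POOL_RE.match(line)
        if m:
            pool = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if m and pool:
            first_block, last_block = int(m.group(2)), int(m.group(3))
            first_port = first_block * PORTS_PER_BLOCK
            last_port = (last_block + 1) * PORTS_PER_BLOCK - 1
            findings.append({
                "pool": pool,
                "address": m.group(1),
                "first_port": first_port,
                "last_port": last_port,
                # True when translations can be sourced from ports <= 1023.
                "includes_reserved": first_port <= RESERVED_MAX,
            })
    return findings


if __name__ == "__main__":
    for f in audit_napt_pools(SAMPLE):
        flag = "uses reserved low ports" if f["includes_reserved"] else "ok"
        print(f"{f['pool']} {f['address']} ports {f['first_port']}-{f['last_port']}: {flag}")
```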