Hi, Port translation will not show utilization because theoretically, you have 65535 sessions per public IP (assuming you started with a class- B on the public side). Utilization only applies to fix-port.
-Ariff On Jul 10, 2007, at 9:54 AM, [EMAIL PROTECTED] wrote: > Hi, > Thx for reply. I know this commands. I think that get xlate should > be show me DIP utilization, but it is empty: > nsisg2000-> get xlate > xlate ctx in use: 0/75000, alloc failed: 0 > ip port x_ip x_port port_cnt dip_id ref_cnt > --------------------------------------------------------------------- > nsisg2000-> > > But I know, that translating working and I have log in NSM Log Viewer. > I have problem, what set that get xlate command show me online > utilization. > > regards, > > lag0da > > > ---- Wiadomość Oryginalna ---- > Od: Ariff Premji <[EMAIL PROTECTED]> > Do: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > Kopia do: <juniper-nsp@puck.nether.net> > Data: 10 lipca 2007 16:30 > Temat: Re: [j-nsp] Few question about netscreen ISG 2000 > >> Not sure if many screenOS folks are on this list. Hopefully this >> helps: >> >> I think what you are look for is: >> >>> get interface <int> dip >> >> This info is also available via snmp. >> >> The other thing you may find interesting is the alarming on the fix- >> port pool so that you (example below): >> >>> set dip alarm-raise 75 alarm-clear 50 >> >> Is this what you were looking for ? >> >> >> -Ariff >> >> On Jul 9, 2007, at 1:04 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote: >> >>> Hi, >>> I have ISG 2000 with ScreenOS 5.4.0r5.0. >>> I have few question: >>> >>> 1. How check statistic for DIP tranlations, I know get counter >>> flow, get dip, and get dip-in. >>> get dip show me only: >>> >>> nsisg2000-> get dip >>> Dip Id Dip Low Dip High Interface Attribute >>> 4 212.2.100.190 212.2.100.190 loopback.2 port-xlate >>> 5 212.2.100.191 212.2.100.191 loopback.2 fix-port >>> 142 212.2.100.142 212.2.100.142 ethernet4/2 port-xlate >>> 143 212.2.100.143 212.2.100.143 ethernet4/2 port-xlate >>> 180 212.2.100.180 212.2.100.180 ethernet4/2 port-xlate >>> 183 212.2.100.183 212.2.100.183 ethernet4/2 port-xlate >>> 184 212.2.100.184 212.2.100.184 ethernet4/2 port-xlate >>> Port-xlated dip stickness off >>> DIP pool utilization alarm: enabled, raise threshold 50%, clear >>> threshold 40% >>> >>> >>> get dip-in is empty, I know that transation is use all time >>> >>> >>> nsisg2000-> get dip-in >>> Incoming dip entries in use: 0/25000, alloc failed: 0 >>> D_IP D_Port H_IP H_Port Interface DIP_Id >>> Ref_Cnt Timeout >>> nsisg2000-> >>> >>> How to set system to show me info about utilization dip ( get dip- >>> in ). But I want utilization online, no grow up from clear counter. >>> I want know how DIP is utilization. >>> Like in CheckPoint: >>> >>> FW[admin]# fw tab -s >>> HOST NAME ID #VALS >>> #PEAK #SLINKS >>> localhost connections 8158 28804 >>> 82206 115122 >>> localhost fwx_alloc 8187 29041 >>> 82260 0 >>> >>> fwx_alloc this is utilization NAT table. >>> >>> 2. Is possible to use in ISG 2000 in GRE tunnel port adress >>> translation ? When I check it I see that in GRE tunnel only >>> address is translated, not port. I have clients which use VPN >>> client in GRE tunnel. I know that I can use many public address to >>> fixed it , but I can not use this solution. >>> >>> Please help me if it possible. >>> >>> Best Regards, >>> _______________________________________________ >>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp