He said he did that already. Unfortunately, I don't think the limits were upped for source/destination NAT rules; I think it is still 8 on 9.6r1.

On Tue, Nov 3, 2009 at 8:39 AM, Derick Winkworth <dwinkwo...@att.net> wrote:
> Upgrade to 9.6. You can have many more rules per rule-set...
>
> ________________________________
> From: Christopher M. Hobbs <ch...@altbit.org>
> To: juniper-nsp@puck.nether.net
> Sent: Tue, November 3, 2009 10:08:13 AM
> Subject: [j-nsp] destination nat, 8 rule limit
>
> If I try to set up more than 8 rules per rule-set on our
> SRX240 boxes, Junos gets cranky. Here's the error I
> receive:
>
> ---
> cho...@ss0101# commit check
> [edit security nat destination rule-set mail]
> 'rule'
> number of elements exceeds limit of 8
> error: configuration check-out failed: (number of elements exceeds limit)
> ---
>
> I can't break our rules out into different rule sets because
> it complains of context at that point (which I believe is
> tied to the destination address?):
>
> ---
> cho...@ss0101# commit check
> error: Destination NAT rule-set mail and test have same context.
> [edit security nat destination]
> 'rule-set test'
> Destination NAT rule-set(test) sanity check failed.
> error: configuration check-out failed
> ---
>
> All of our incoming addresses exist on the same subnet and
> the majority of our destination addresses are on the same
> subnet as well, so I clearly can't split up our rules to
> work around this issue if the context is based on either the
> incoming or destination addresses.
>
> I've read a couple of threads concerning a similar issue and
> the fix was to upgrade to 9.6, which I did. The upgrade
> didn't appear to solve anything at all.
>
> Does anyone know why this restriction is here other than
> just poor programming? How can I get past this limitation?
>
> Thanks for your time!
> --
> C.M. Hobbs, http://altbit.org
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp