Hi again Yes it's untrust interface ; I'm taking stats every morning and do clear stats; This mean that during 24 hours I got around 1977 not nat vector. And it's confusing me
BR/ -----Original Message----- From: Stefan Fouant [mailto:sfou...@shortestpathfirst.net] Sent: dimanche 28 mars 2010 17:49 To: Ibariouen Khalid; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] NAT I take it that interface is your untrust interface? Just out of curiousity, how long had those statistics been running when you pulled them up (i.e. When was the last time you cleared stats or rebooted the box)? I would suggest clearing interface stats and letting it run for a few days to observe how much that counter increments, or just take a look at the delta between now and the last time you ran that command. Has it gone up much or at all? Stefan Fouant ------Original Message------ From: Ibariouen Khalid To: Stefan Fouant To: juniper-nsp@puck.nether.net Subject: RE: [j-nsp] NAT Sent: Mar 28, 2010 10:59 AM Hi It's policy based; No session timeouts is configured. BR/ -----Original Message----- From: Stefan Fouant [mailto:sfou...@shortestpathfirst.net] Sent: dimanche 28 mars 2010 16:57 To: Ibariouen Khalid; juniper-nsp@puck.nether.net Subject: RE: [j-nsp] NAT > -----Original Message----- > From: Ibariouen Khalid [mailto:ibariouen.kha...@ericsson.com] > Sent: Sunday, March 28, 2010 2:56 AM > To: Stefan Fouant; juniper-nsp@puck.nether.net > Subject: RE: [j-nsp] NAT > > > Hi stefan > Yes , I have PAT enabled . Interface-based PAT or policy-based? Have you modified the session timeouts for any protocols you are allowing through? Stefan Fouant, CISSP, JNCIE-M/T www.shortestpathfirst.net GPG Key ID: 0xB5E3803D Sent from my Verizon Wireless BlackBerry _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp