The sad bit is that I've done Nat on SRX just like that as well. Thanks for the sanity check. I pulled the lo0 address and poof it works.
Now I'm trying to stack my bandwidth policer with the nat config and hitting a similar issue. I think the only way to do both is to put the nat process into a routing instance... Any thoughts on that one? As soon as I enable my policer filter, traffic breaks again. I presume that it never returns to the interface filter to hit the service filter. On May 17, 2011, at 11:45 PM, Julien Goodwin wrote: > On 18/05/11 10:34, OBrien, Will wrote: >> I've been working through a nat configuration on my lab MX960 with a MS-DPC >> blade that I've borrowed. >> To start, I'm trying to create a simple nat'd subnet. However, the NAT guide >> that I've been provided doesn't really fit my current design. >> >> The example I'm looking at uses a nat pool that's defined like so: >> 150.150.150.0/24 >> >> with an outside interface that has say, 150.150.150.1/24 on it, >> >> Ok. >> >> Well, in my world, I use MX's for BGP announcements. So I'm trying to put >> the NAT source interface on a lo0 instead of a normal interface. >> >> Is anyone else doing it this way or is there some other sneaky trick I'm >> missing? So far applying the service filter only seems to break traffic. > > I've not done NAT on MX only SRX, but with an SRX just announce the NAT > pool as a route (static and readvertise, for whatever reason just adding > a pool isn't enough to make it eligible for redist), don't need to > assign it to an interface at all. > > -- > Julien Goodwin > Studio442 > "Blue Sky Solutioneering" > Will O'Brien University of Missouri, DoIT DNPS Network Systems Analyst - Redacted obri...@missouri.edu _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp