You need two rules actually, you have a rule for the "input" direction, you need a rule for the "output" direction as well...
nat { pool 87 { address 41.72.x.86/32; } rule test-out { match-direction output; term t1 { from { destination-address { 41.72.y.254/32; } } then { translated { source-pool 87; translation-type { destination static; } } } } } } it'll look something like that... then add that rule to the service-set... Derick Winkworth CCIE #15672 (RS, SP), JNCIE-M #721 http://blinking-network.blogspot.com ________________________________ From: Mauritz Lewies <maur...@three6five.com> To: juniper-nsp@puck.nether.net Sent: Sun, August 14, 2011 4:05:22 PM Subject: [j-nsp] NAT on M120 with MS-PIC Hi I have a M120 with Junos 10.4 R5.5 and a MS-PIC. I'm trying to get one-one static NAT working, but alas no success. This is the relevant config: root@ZMT-ZM-LMY-MSE-001-RE1> show configuration chassis redundancy { routing-engine 0 master; routing-engine 1 backup; failover { on-loss-of-keepalives; on-disk-failure; } graceful-switchover; } fpc 5 { pic 3 { adaptive-services { service-package layer-3; } } } {master}[edit services] root@ZMT-ZM-LMY-MSE-001-RE1# show service-set test { nat-rules test; interface-service service-interface sp-5/3/0 } nat { pool 86 { address 41.72.y.254/32; } rule test { match-direction input; term t1 { from { source-address { 41.72.x.86/32; } } then { translated { source-pool 86; translation-type { source static; } } } } } } root@ZMT-ZM-LMY-MSE-001-RE1> show configuration interfaces ge-2/0/1.111 vlan-id 111; family inet { sampling { input; output; } service { input { service-set test; } output { service-set test; } } address 41.72.x.26/30; } {master} But then this output: root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary Total number of address mappings: 0 Total number of endpoint independent port mappings: 0 Total number of endpoint independent filters: 0 {master} root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary Total number of address mappings: 0 Total number of endpoint independent port mappings: 0 Total number of endpoint independent filters: 0 {master} root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics interface ge-2/0/1.111 {master} root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics Interface: sp-5/3/0 error: This command is not supported on sp-5/3/0 interface {master} Any help? Regards, _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp