10.4r5 seems to need some additional tricks... At least on my mx. We also added a service filter to keep it from grabbing other traffic.
Will O'Brien On Aug 14, 2011, at 6:12 PM, "Derick Winkworth" <dwinkwo...@att.net> wrote: > You need two rules actually, you have a rule for the "input" direction, you > need > a rule for the "output" direction as well... > > nat { > pool 87 { > address 41.72.x.86/32; > } > rule test-out { > match-direction output; > term t1 { > from { > destination-address { > 41.72.y.254/32; > } > } > then { > translated { > source-pool 87; > translation-type { > destination static; > } > } > } > } > } > } > > > it'll look something like that... then add that rule to the service-set... > Derick Winkworth > CCIE #15672 (RS, SP), JNCIE-M #721 > http://blinking-network.blogspot.com > > > > > ________________________________ > From: Mauritz Lewies <maur...@three6five.com> > To: juniper-nsp@puck.nether.net > Sent: Sun, August 14, 2011 4:05:22 PM > Subject: [j-nsp] NAT on M120 with MS-PIC > > Hi > > I have a M120 with Junos 10.4 R5.5 and a MS-PIC. > > I'm trying to get one-one static NAT working, but alas no success. > > This is the relevant config: > > root@ZMT-ZM-LMY-MSE-001-RE1> show configuration chassis > redundancy { > routing-engine 0 master; > routing-engine 1 backup; > failover { > on-loss-of-keepalives; > on-disk-failure; > } > graceful-switchover; > } > fpc 5 { > pic 3 { > adaptive-services { > service-package layer-3; > } > } > } > > {master}[edit services] > root@ZMT-ZM-LMY-MSE-001-RE1# show > service-set test { > nat-rules test; > interface-service > service-interface sp-5/3/0 > } > nat { > pool 86 { > address 41.72.y.254/32; > } > rule test { > match-direction input; > term t1 { > from { > source-address { > 41.72.x.86/32; > } > } > then { > translated { > source-pool 86; > translation-type { > source static; > } > } > } > } > } > } > > root@ZMT-ZM-LMY-MSE-001-RE1> show configuration interfaces ge-2/0/1.111 > vlan-id 111; > family inet { > sampling { > input; > output; > } > service { > input { > service-set test; > } > output { > service-set test; > } > } > address 41.72.x.26/30; > } > > {master} > > > But then this output: > > root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary > > Total number of address mappings: 0 > Total number of endpoint independent port mappings: 0 > Total number of endpoint independent filters: 0 > > {master} > root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary > > Total number of address mappings: 0 > Total number of endpoint independent port mappings: 0 > Total number of endpoint independent filters: 0 > > {master} > root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics interface > ge-2/0/1.111 > > {master} > root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics > Interface: sp-5/3/0 > error: This command is not supported on sp-5/3/0 interface > > {master} > > Any help? > > Regards, > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp