I've got a problem with NAT on an M10i with Junos 10.4. Simple PNAP interface, works fine for TCP and UDP. Doesn't work for PPTP or IPSEC. Way back in my mind I remember something about having to create a second nat rule without port mapping, but it's not working. I'm pretty sure I'm forgetting something here. Can someone spare a 2x4 and clue me over the head?
Yes, I know that the filters in the configuration below aren't active.

Here's the configuration now:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
    ge-0/1/0 {
        unit 0 {
            family inet {
                service {
                    input {
                        service-set NAT;
                    }
                    output {
                        service-set NAT;
                    }
                }
                address 192.168.2.1/24;
            }
        }
    }
    sp-0/3/0 {
        unit 0 {
            family inet;
        }
    }
    ….
firewall {
    filter UNTRUST-IN {
        term ICMP {
            from {
                destination-address {
                    192.168.2.1/4;
                }
                protocol icmp;
            }
            then accept;
        }
        term EVERYTHING-ELSE {
            then {
                discard;
            }
        }
    }
    filter TRUST-OUT {
        term IPOUT {
            from {
                source-address {
                    192.168.1.0/24;
                }
                destination-address {
                    0.0.0.0/0;
                }
            }
            then accept;
        }
    }
}
services {
    service-set NAT {
        nat-rules Outbound;
        interface-service {
            service-interface sp-0/3/0.0;
        }
    }
    nat {
        pool NATPOOL {
            address 192.168.2.3/32;
            port {
                automatic;
            }
        }
        pool GRE-NATPOOL {
            address 192.168.2.3/32;
        }
        rule Outbound {
            match-direction output;
            term PPTP_VPNs {
                from {
                    source-address {
                        192.168.1.0/24;
                    }
                    applications GRE-PPTP;
                }
                then {
                    translated {
                        source-pool GRE-NATPOOL;
                        translation-type {
                            source dynamic;
                        }
                    }
                }
            }
            term Else {
                from {
                    source-address {
                        192.168.1.0/24;
                    }
                }
                then {
                    translated {
                        source-pool NATPOOL;
                        translation-type {
                            source dynamic;
                        }
                    }
                }
            }
        }
    }
    adaptive-services-pics {
        traceoptions {
            flag all;
        }
    }
}
applications {
    application GRE-PPTP {
        protocol gre;
    }
}

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness