I'd agree it seems that you're running into a bug. Trying your config on my SRX I am able to commit through. Reth's tend to be different than a normal interface from a code standpoint, but nat isn't a limitation (thank god).
If you're working in a lab, try to upgrade to my code version perhaps. If you're in prod, good luck..open up a jtac case and find out which release fixes it. Sorry Leigh, best of luck. [edit security nat] root@Lab-SRX240-11# commit check configuration check succeeds [edit security nat] root@Lab-SRX240-11# show | compare [edit security nat] + destination { + pool wilderness { + address 172.16.253.10/32 port 22; + } + rule-set incoming-connections { + from interface ge-0/0/0.0; + rule port-forard { + match { + destination-address 88.94.205.5/32; + destination-port 22; + } + then { + destination-nat pool wilderness; + } + } + } + } + proxy-arp { + interface ge-0/0/0.0 { + address { + 88.94.205.5/32; + } + } + } [edit security nat] root@Lab-SRX240-11# run show version Hostname: Lab-SRX240-11 Model: srx240h-poe JUNOS Software Release [11.4R1.6] Hope this helps, -Tim Eberhard On Tue, Mar 20, 2012 at 12:09 PM, Leigh Porter <leigh.por...@ukbroadband.com> wrote: > > >> From: Ben Dale [mailto:bd...@comlinx.com.au] >> >> Hi Leigh, >> >> On 20/03/2012, at 10:53 PM, Leigh Porter wrote: >> >> > >> > error: The number of destination NAT pools exceeds limit of 0 [edit >> > security nat destination rule-set incoming-connections rule >> > port-forward then destination-nat] 'pool' >> > failed to get pool (wilderness) >> > error: configuration check-out failed >> >> It looks like a bug, but try changing the "from interface reth0.352" to >> "from zone <zone of interface reth0.352>" and see if the issue goes >> away. Failing that, upgrade to 11.1R6 and see if that fixes it. > > Yeah I thought bug too. I tried the "from zone .." but it didn't fix it. I'm > just about to try 11.blah > > Thanks, > Leigh > > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________ > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp