Re: [j-nsp] NAT on M120 with MS-PIC
No, that's normal... actually if sessions are always being initiated from outside in this case then he doesn't need the "input" direction rule...

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NAT on M120 with MS-PIC
10.4r5 seems to need some additional tricks... At least on my mx. We also added a service filter to keep it from grabbing other traffic.

Will O'Brien

On Aug 14, 2011, at 6:12 PM, "Derick Winkworth" wrote:

> You need two rules actually, you have a rule for the "input" direction, you need
> a rule for the "output" direction as well...
>
> nat {
>     pool 87 {
>         address 41.72.x.86/32;
>     }
>     rule test-out {
>         match-direction output;
>         term t1 {
>             from {
>                 destination-address {
>                     41.72.y.254/32;
>                 }
>             }
>             then {
>                 translated {
>                     source-pool 87;
>                     translation-type {
>                         destination static;
>                     }
>                 }
>             }
>         }
>     }
> }
>
> it'll look something like that... then add that rule to the service-set...
>
> Derick Winkworth
> CCIE #15672 (RS, SP), JNCIE-M #721
> http://blinking-network.blogspot.com
>
> ____________
> From: Mauritz Lewies
> To: juniper-nsp@puck.nether.net
> Sent: Sun, August 14, 2011 4:05:22 PM
> Subject: [j-nsp] NAT on M120 with MS-PIC
>
> Hi
>
> I have a M120 with Junos 10.4 R5.5 and a MS-PIC.
>
> I'm trying to get one-one static NAT working, but alas no success.
>
> This is the relevant config:
>
> root@ZMT-ZM-LMY-MSE-001-RE1> show configuration chassis
> redundancy {
>     routing-engine 0 master;
>     routing-engine 1 backup;
>     failover {
>         on-loss-of-keepalives;
>         on-disk-failure;
>     }
>     graceful-switchover;
> }
> fpc 5 {
>     pic 3 {
>         adaptive-services {
>             service-package layer-3;
>         }
>     }
> }
>
> {master}[edit services]
> root@ZMT-ZM-LMY-MSE-001-RE1# show
> service-set test {
>     nat-rules test;
>     interface-service
>     service-interface sp-5/3/0
> }
> nat {
>     pool 86 {
>         address 41.72.y.254/32;
>     }
>     rule test {
>         match-direction input;
>         term t1 {
>             from {
>                 source-address {
>                     41.72.x.86/32;
>                 }
>             }
>             then {
>                 translated {
>                     source-pool 86;
>                     translation-type {
>                         source static;
>                     }
>                 }
>             }
>         }
>     }
> }
>
> root@ZMT-ZM-LMY-MSE-001-RE1> show configuration interfaces ge-2/0/1.111
> vlan-id 111;
> family inet {
>     sampling {
>         input;
>         output;
>     }
>     service {
>         input {
>             service-set test;
>         }
>         output {
>             service-set test;
>         }
>     }
>     address 41.72.x.26/30;
> }
>
> {master}
>
> But then this output:
>
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary
>
> Total number of address mappings: 0
> Total number of endpoint independent port mappings: 0
> Total number of endpoint independent filters: 0
>
> {master}
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary
>
> Total number of address mappings: 0
> Total number of endpoint independent port mappings: 0
> Total number of endpoint independent filters: 0
>
> {master}
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics interface ge-2/0/1.111
>
> {master}
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics
> Interface: sp-5/3/0
> error: This command is not supported on sp-5/3/0 interface
>
> {master}
>
> Any help?
>
> Regards,
Re: [j-nsp] NAT on M120 with MS-PIC
You need two rules actually, you have a rule for the "input" direction, you need a rule for the "output" direction as well...

nat {
    pool 87 {
        address 41.72.x.86/32;
    }
    rule test-out {
        match-direction output;
        term t1 {
            from {
                destination-address {
                    41.72.y.254/32;
                }
            }
            then {
                translated {
                    source-pool 87;
                    translation-type {
                        destination static;
                    }
                }
            }
        }
    }
}

it'll look something like that... then add that rule to the service-set...

Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com

From: Mauritz Lewies
To: juniper-nsp@puck.nether.net
Sent: Sun, August 14, 2011 4:05:22 PM
Subject: [j-nsp] NAT on M120 with MS-PIC

> Hi
>
> I have a M120 with Junos 10.4 R5.5 and a MS-PIC.
>
> I'm trying to get one-one static NAT working, but alas no success.
>
> This is the relevant config:
>
> root@ZMT-ZM-LMY-MSE-001-RE1> show configuration chassis
> redundancy {
>     routing-engine 0 master;
>     routing-engine 1 backup;
>     failover {
>         on-loss-of-keepalives;
>         on-disk-failure;
>     }
>     graceful-switchover;
> }
> fpc 5 {
>     pic 3 {
>         adaptive-services {
>             service-package layer-3;
>         }
>     }
> }
>
> {master}[edit services]
> root@ZMT-ZM-LMY-MSE-001-RE1# show
> service-set test {
>     nat-rules test;
>     interface-service
>     service-interface sp-5/3/0
> }
> nat {
>     pool 86 {
>         address 41.72.y.254/32;
>     }
>     rule test {
>         match-direction input;
>         term t1 {
>             from {
>                 source-address {
>                     41.72.x.86/32;
>                 }
>             }
>             then {
>                 translated {
>                     source-pool 86;
>                     translation-type {
>                         source static;
>                     }
>                 }
>             }
>         }
>     }
> }
>
> root@ZMT-ZM-LMY-MSE-001-RE1> show configuration interfaces ge-2/0/1.111
> vlan-id 111;
> family inet {
>     sampling {
>         input;
>         output;
>     }
>     service {
>         input {
>             service-set test;
>         }
>         output {
>             service-set test;
>         }
>     }
>     address 41.72.x.26/30;
> }
>
> {master}
>
> But then this output:
>
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary
>
> Total number of address mappings: 0
> Total number of endpoint independent port mappings: 0
> Total number of endpoint independent filters: 0
>
> {master}
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary
>
> Total number of address mappings: 0
> Total number of endpoint independent port mappings: 0
> Total number of endpoint independent filters: 0
>
> {master}
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics interface ge-2/0/1.111
>
> {master}
> root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics
> Interface: sp-5/3/0
> error: This command is not supported on sp-5/3/0 interface
>
> {master}
>
> Any help?
>
> Regards,
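An added example, not part of any poster's message: a small Python check for the two things the reply above asks for, reporting which match-directions each service-set's NAT rules cover and which defined rules no service-set references. The sample config is constructed from the thread's [edit services] output, trimmed to the statements the check reads and with the interface-service braces written out; `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample, trimmed from the thread's [edit services] config:
# rule "test-out" is defined but not yet listed in the service-set.
SAMPLE = """
service-set test {
    nat-rules test;
    interface-service { service-interface sp-5/3/0; }
}
nat {
    rule test { match-direction input;
        term t1 { from { source-address { 41.72.x.86/32; } } } }
    rule test-out { match-direction output;
        term t1 { from { destination-address { 41.72.y.254/32; } } } }
}
"""

def parse(text):
    """Parse Junos brace syntax into nested dicts; leaf statements map to None."""
    root = {}
    stack, words = [root], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        key, words = " ".join(words), []
        if tok == "{":                    # block named by the pending words
            stack.append(stack[-1].setdefault(key, {}))
        elif tok == ";":                  # leaf statement
            stack[-1][key] = None
        elif len(stack) > 1:              # "}" closes the current block
            stack.pop()
    return root

def audit(services):
    """Return (directions covered per service-set, NAT rules no service-set uses)."""
    rules = {k.split()[1]: body for k, body in services.get("nat", {}).items()
             if k.startswith("rule ")}
    direction = {name: next((s.split()[1] for s in (body or {})
                             if s.startswith("match-direction ")), None)
                 for name, body in rules.items()}
    covered, used = {}, set()
    for key, body in services.items():
        if key.startswith("service-set "):
            refs = [s.split()[1] for s in (body or {}) if s.startswith("nat-rules ")]
            used.update(refs)
            covered[key.split()[1]] = sorted(
                {direction[r] for r in refs if direction.get(r)})
    return covered, sorted(set(rules) - used)
```

Calling `audit(parse(SAMPLE))` reports service-set `test` as covering only `input` and lists `test-out` as unreferenced; adding `nat-rules test-out;` to the service-set clears both.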
[j-nsp] NAT on M120 with MS-PIC
Hi

I have a M120 with Junos 10.4 R5.5 and a MS-PIC.

I'm trying to get one-one static NAT working, but alas no success.

This is the relevant config:

root@ZMT-ZM-LMY-MSE-001-RE1> show configuration chassis
redundancy {
    routing-engine 0 master;
    routing-engine 1 backup;
    failover {
        on-loss-of-keepalives;
        on-disk-failure;
    }
    graceful-switchover;
}
fpc 5 {
    pic 3 {
        adaptive-services {
            service-package layer-3;
        }
    }
}

{master}[edit services]
root@ZMT-ZM-LMY-MSE-001-RE1# show
service-set test {
    nat-rules test;
    interface-service
    service-interface sp-5/3/0
}
nat {
    pool 86 {
        address 41.72.y.254/32;
    }
    rule test {
        match-direction input;
        term t1 {
            from {
                source-address {
                    41.72.x.86/32;
                }
            }
            then {
                translated {
                    source-pool 86;
                    translation-type {
                        source static;
                    }
                }
            }
        }
    }
}

root@ZMT-ZM-LMY-MSE-001-RE1> show configuration interfaces ge-2/0/1.111
vlan-id 111;
family inet {
    sampling {
        input;
        output;
    }
    service {
        input {
            service-set test;
        }
        output {
            service-set test;
        }
    }
    address 41.72.x.26/30;
}

{master}

But then this output:

root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary

Total number of address mappings: 0
Total number of endpoint independent port mappings: 0
Total number of endpoint independent filters: 0

{master}
root@ZMT-ZM-LMY-MSE-001-RE1> show services nat mappings summary

Total number of address mappings: 0
Total number of endpoint independent port mappings: 0
Total number of endpoint independent filters: 0

{master}
root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics interface ge-2/0/1.111

{master}
root@ZMT-ZM-LMY-MSE-001-RE1> show services nat statistics
Interface: sp-5/3/0
error: This command is not supported on sp-5/3/0 interface

{master}

Any help?

Regards,