Yup it is a bug, it works fine in 11.4R1.6.
--
Leigh
-Original Message-
From: Ben Dale [mailto:bd...@comlinx.com.au]
Sent: 20 March 2012 13:09
To: Leigh Porter
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Destination NAT on SRX cluster
Hi Leigh,
On 20/03/2012, at 10
Hello Folks,
I am configuring a cluster of SRX240s running 11.1R3.5 for destination NAT.
Simply, a device in the DMZ zone on a private IP address listening on port 22
needs to be reachable from the untrust zone on port 22.
destination {
pool wilderness {
address
Hi Leigh,
On 20/03/2012, at 10:53 PM, Leigh Porter wrote:
error: The number of destination NAT pools exceeds limit of 0
[edit security nat destination rule-set incoming-connections rule
port-forward then destination-nat]
'pool'
failed to get pool (wilderness)
error: configuration
From: Ben Dale [mailto:bd...@comlinx.com.au]
Hi Leigh,
On 20/03/2012, at 10:53 PM, Leigh Porter wrote:
error: The number of destination NAT pools exceeds limit of 0 [edit
security nat destination rule-set incoming-connections rule
port-forward then destination-nat] 'pool'
I'd agree it seems that you're running into a bug. Trying your config
on my SRX I am able to commit through. Reth's tend to be different
than a normal interface from a code standpoint, but nat isn't a
limitation (thank god).
If you're working in a lab, try to upgrade to my code version perhaps.
5 matches
Mail list logo