Routing

Expand all | Collapse all

napt-44 on MX240

Jump to Best Answer
  • 1.  napt-44 on MX240

    Posted 08-14-2017 00:59

    Hello all,

    Im trying to make a overload nat, so to nat a range toward a single outside ip on a router MX240, it has the card DPCE 20x 1GE + 2x 10GE .  When pinging a public ip with source the range to be nated is not showing nothing, also the command show services inline nat statistisc is not showing anything, please anybody help, thank you:

    Blow the config:  

     

    services {
    service-set s1 {
    nat-rules SRC-NAT1;
    interface-service {
    service-interface sp-2/0/0;
    }
    }

     

     

    nat {
    pool p1 {
    address x.x.x.x/32;
    port {
    automatic;
    }
    }
    rule SRC-NAT1 {
    match-direction input;
    term r1 {
    from {
    source-address {
    10.2.21.0/24;
    }
    }
    then {
    translated {
    source-pool p1;
    translation-type {
    napt-44;
    }
    }
    }
    }
    }
    }

     

    irb {

    unit 2021 {
    family inet {
    address 10.2.21.1/24;

    }}

     

    fpc 1 {
    pic 0 {
    inline-services {
    bandwidth 1g;
    }
    }
    pic 1 {
    inline-services {
    bandwidth 1g;
    }
    }
    pic 2 {
    inline-services {
    bandwidth 1g;
    }
    }
    pic 3 {
    inline-services {
    bandwidth 1g;
    }
    }
    }
    fpc 2 {
    pic 0 {
    inline-services {
    bandwidth 1g;
    }
    }
    pic 1 {
    inline-services {
    bandwidth 1g;
    }
    }
    pic 2 {
    inline-services {
    bandwidth 1g;
    }
    }
    pic 3 {
    inline-services {
    bandwidth 1g;
    }
    }
    }



  • 2.  RE: napt-44 on MX240

    Posted 08-14-2017 04:31

    For overload nat on MX you should use MS-DPC/MS-MIC/MS-MPC card/mic. 

    Also you can use inline 1:1 NAT but only on MPC line cards



  • 3.  RE: napt-44 on MX240

    Posted 08-14-2017 04:54

    Hello, thank you, so here there is not any MIC card installed as i see ? Thank you

    inventory.jpg



  • 4.  RE: napt-44 on MX240

    Posted 08-14-2017 05:40

    Hello, another info, i have these cards installed, so there is not any possibility to make overload NAT?

     

    lot 1 Online DPCE 20x 1GE + 2x 10GE R
    PIC 0 Online 10x 1GE(LAN)
    PIC 1 Online 10x 1GE(LAN)
    PIC 2 Online 1x 10GE(LAN/WAN)
    PIC 3 Online 1x 10GE(LAN/WAN)
    Slot 2 Online DPCE 20x 1GE + 2x 10GE R
    PIC 0 Online 10x 1GE(LAN)
    PIC 1 Online 10x 1GE(LAN)
    PIC 2 Online 1x 10GE(LAN/WAN)
    PIC 3 Online 1x 10GE(LAN/WAN)

     

    Thank you

    Ernest



  • 5.  RE: napt-44 on MX240
    Best Answer

    Posted 08-14-2017 10:06

    On Juniper routers, you can configure NAT either with the sp interface(adaptive services interface), ms interface(multi services interfaces) or with the si interface(services-inline interface). These interfaces are used for the services processing like NAT and IPSec.

    sp interfaces are created on ms-dpc line card. ms interfaces are formed on the ms mic and ms mpc. These are dedicated hardware and particularly used for services processing like NAT and IPsec. si interface is created on the MPC itself and it is inline. This inline interface can process the NAT and IPSec with certain limitations. For instance, in NAT it supports only static NAT. If you still go ahead and configure nat overload on si, that should throw commit error.

    Since your requirement is to configure the address-overload and si interface does not support this feature, you need to get any of the special services processing hardware like ms-dpc, ms-mps of mic-mic. From the hardware list you have pasted here, I do not see any of these hardware. Hope this clarifies your query.



  • 6.  RE: napt-44 on MX240

    Posted 08-14-2017 11:30

    Nestiern,

     

    No, you are not able to configure a NAT with those cards. To configure an inline NAT 1:1 you need an MPC card and to configure an overload NAT you will need a multiservice card or multiservice pic (MS-DPC, MS-MPC, MS-PIC).

     

     



  • 7.  RE: napt-44 on MX240

    Posted 08-14-2017 13:49

    Thank you all for your help, it is very useful, i really appreciate, thanks