Routing

Expand all | Collapse all

NAT Problem on MX480 MS-DPC

Jump to Best Answer
  • 1.  NAT Problem on MX480 MS-DPC

    Posted 04-04-2020 13:15

    Hi guys,

     

    I can not configure NAT on MX480 with MS-DPC Junos version is Junos: 18.2R3.4.

     

    NAT does not work. Maybe someone can tell me where could be the problem with the configuration or how to investigate the problem
    Dynamic Profile

    GlobVlan {
        routing-instances {
            "$junos-routing-instance" {
                interface "$junos-interface-name";
            }
        }
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    no-traps;
                    ppp-options {
                        chap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    family inet {
                        filter {
                            input NAT-TEST precedence 150;
                            output NAT-TEST precedence 150;
                        }
                        unnumbered-address "$junos-loopback-interface";
                    }
                }
            }
        }
    }
    DynVlan {
        interfaces {
            "$junos-interface-ifd-name" {
                unit "$junos-interface-unit" {
                    no-traps;
                    vlan-id "$junos-vlan-id";
                    family pppoe {
                        access-concentrator Radnet;
                        duplicate-protection;
                        dynamic-profile GlobVlan;
                        max-sessions 16000;
                    }
                }
            }
        }
    }

    Services 

    service-set NAT-SERVICE-SET {
        nat-rules NAT-RULE;
        next-hop-service {
            inside-service-interface sp-1/0/0.100;
            outside-service-interface sp-1/0/0.200;
        }
    }
    
    service-set NAT-SERVICE-SET1 {
        tcp-mss 1210;
        nat-rules NAT-RULE1;
        next-hop-service {
            inside-service-interface sp-4/1/0.100;
            outside-service-interface sp-4/1/0.200;
        }
    }
    nat {
        pool NAT-POOL-1 {
            address-range low XXX.XXX.XXX.XXX high XXX.XXX.XXX.XXX;
            port {
                automatic {
                    random-allocation;
                }
            }
            address-allocation round-robin;
        }
        pool NAT-POOL-2 {
            address-range low XXX.XXX.XXX.XXX high XXX.XXX.XXX.XXX;
            port {                          
                automatic {
                    random-allocation;
                }
            }
            address-allocation round-robin;
        }
        rule NAT-RULE {
            match-direction input;
            term EIM {
                from {
                    source-prefix-list {
                        NAT-PREFIX-LIST;
                    }
                    applications [ junos-pptp junos-ipsec-esp ];
                    application-sets APP;
                }
                then {
                    translated {
                        source-pool NAT-POOL-1;
                        translation-type {
                            napt-44;
                        }
                        address-pooling paired;
                    }
                }
            }
            term SIMPLY {
                from {
                    source-prefix-list {
                        NAT-PREFIX-LIST;
                    }
                }
                then {
                    translated {
                        source-pool NAT-POOL-1;
                        translation-type {
                            napt-44;
                        }
                        address-pooling paired;
                    }
                }
            }
        }
        rule NAT-RULE1 {
            match-direction input;
            term EIM {
                from {
                    source-prefix-list {
                        NAT-PREFIX-LIST-1;
                    }
                    applications [ junos-pptp junos-ipsec-esp ];
                    application-sets APP;
                }
                then {
                    translated {
                        source-pool NAT-POOL-2;
                        translation-type {
                            napt-44;
                        }
                        address-pooling paired;
                    }
                }
            }
            term SIMPLY {
                from {
                    source-prefix-list {
                        NAT-PREFIX-LIST-1;
                    }
                }
                then {
                    translated {
                        source-pool NAT-POOL-2;
                        translation-type {
                            napt-44;
                        }
                        address-pooling paired;
                    }
                }
            }
    } }

     

    Routing-instances

    NAT-RI {
        instance-type virtual-router;
        interface sp-1/0/0.100;
        routing-options {
            static {
                route 10.10.0.0/20 next-table inet.0;
                route 0.0.0.0/0 next-hop sp-1/0/0.100;
            }
        }
    }
    NAT-RI-1 {
        instance-type virtual-router;
        interface sp-4/1/0.100;
        routing-options {
            static {
                route 10.10.16.0/20 next-table inet.0;
                route 0.0.0.0/0 next-hop sp-4/1/0.100;
            }
        }
    }

    ActiveDynamicProfile

    show dynamic-profile session client-id 31                  
    GlobVlan {
        routing-instances {
            default {
                interface pp0.3221225497;
            }
        }
        interfaces {
            pp0 {
                unit 3221225497 {
                    no-traps;
                    ppp-options {
                        chap;
                    }
                    pppoe-options {
                        underlying-interface xe-0/0/2.3221225496;
                        server;
                    }
                    family {
                        inet {
                            filter {
                                input NAT-TEST precedence 150;
                                output NAT-TEST precedence 150;
                            }
                            unnumbered-address lo0.0;
                        }
                    }
                }
            }
        }
    }

    Prefix-List

    temp@MX480> show configuration policy-options prefix-list NAT-PREFIX-LIST     
    10.10.0.0/20;
    
    temp@MX480> show configuration policy-options prefix-list NAT-PREFIX-LIST-1  
    10.10.16.0/20;

     

    Thanks,
    Volodymyr

     



  • 2.  RE: NAT Problem on MX480 MS-DPC
    Best Answer

    Posted 04-09-2020 07:01

    Fixed.

    The problem is
    PPPoE and NAT(on MS-DPC) work only on 13.3.
    Maybe there is another solution can be found but I managed to start it in this way

     

    Thanks,