Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.

config CGNAT with MX960 and MX-SPC3

  • 1.  config CGNAT with MX960 and MX-SPC3

    Posted 02-20-2023 13:06

    I have MX960 + MX-SPC3  . I config VRF-INTERNAL for inside and VRF-EXTERNAL for outside NAT
    I test by create interface lo0.100 apply in VRF-INTERNAL and int lo0.200 apply in VRF-EXTERNAL.
    I test ping routing-instance VRF-INTERNAL  <ip on lo0.200> source <ip on lo0.100> not work. the result is receive loss.
    But show service session and show service nat source mapping address-pooling-paired is show session NAT of  <ip on lo0.100>.
    what the problem please tell me?

    root@router# show routing-instances VRF-EXTERNAL 
    instance-type vrf;
    interface ae1.131;
    interface ae2.132;
    interface ams0.201;
    interface ams0.202;
    interface ams1.201;
    interface ams1.202;
    interface lo0.200;
    route-distinguisher 65013:2;
    vrf-import NO_VRF_IMPORT;
    vrf-export NO_VRF_EXPORT;

    {master}[edit]


    root@router# show routing-instances VRF-INTERNAL    
    instance-type vrf;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop [ ams0.101 ams0.102 ams1.101 ams1.102 ];
        }
    }
    interface ae1.111;
    interface ae2.121;
    interface ams0.101;
    interface ams0.102;
    interface ams1.101;
    interface ams1.102;
    interface lo0.100;
    route-distinguisher 65013:1;
    vrf-import NO_VRF_IMPORT;
    vrf-export NO_VRF_EXPORT;
                                            
    {master}[edit]

    root@router> ping routing-instance VRF-INTERNAL 58.10.69.1 source 10.185.199.1 
    PING 58.10.69.1 (58.10.69.1): 56 data bytes
    ^C
    --- 58.10.69.1 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss

    {master}
    root@router> show services sessions source-prefix 10.185.199.1 
    Session ID: 17410394, Service-set: SSET_AMS01, Policy name: default-service-set-policy/32781, State: Stand-alone, Timeout: 280, Valid
    Member name: mams-1/0/0
      In: 10.185.199.1/23663 --> 58.10.69.1/8;icmp, Conn Tag: 0x0, If: ams0.101, Pkts: 5, Bytes: 420, 
      Out: 58.10.69.1/8 --> 58.10.74.133/10399;icmp, Conn Tag: 0x0, If: ams0.201, Pkts: 0, Bytes: 0, 
    Total sessions: 1

    {master}
    root@router> show services nat source mappings address-pooling-paired  
    Interface: mams-1/0/0, Service set: SSET_AMS01
    Pool name: POOL01
    Internal address        External address        Ports in use  Session Count State  
    10.185.199.1            58.10.74.133                1             1         Active    



    ------------------------------
    Woratan Phadungkiat
    ------------------------------