Ask the Expert

D-NAT Configuration in MX-480 for Subscriber Management

  • 1.  D-NAT Configuration in MX-480 for Subscriber Management

    Posted 17 days ago
    We have tried Configuring and testing the D-Nat for some specific subscribers who are using CCTV or IP Camera. D-Nat rule (port translation) is working whenever a specific subscriber  Laptop is directly connected to the ----->>Switch------->>MX-480. Where we have written D-Nat rule  based upon his Public IP and Static Private IP, with destined port as 8111 and translated port as 3389.  We were able to take RDP access from Public Network.

    But Same scenario we have tried connecting  Laptop------>>CPE (TP Link)----->>Switch---->>MX-480. We have tried with the above mentioned rule and configured CPE device for Port Forwarding with Internal and External port numbers as 3389. In this scenario when we configure a D-Nat rule for subscriber Public IP and static Private IP, Public IP is changing after commiting the D-Nat rule config and we were unable to take RDP access and it is unsuccessful. We have checked for session logs where translation is happening but response packets are 0 as mentioned in the below log. 

    Configuration details are mentioned below:- 

    set services nat port-forwarding map1 destined-port  8111  translated-port  3389

    set services nat rule DNAT match-direction output
    set services nat rule DNAT term 1 from source-address 0.0.0.0/0
    set services nat rule DNAT term 1 from destination-address 113.43.54.31/32
    set services nat rule DNAT term 1 then port-forwarding-mappings map1
    set services nat rule DNAT term 1 then translated destination-prefix 172.60.1.2/32
    set services nat rule DNAT term 1 then translated translation-type dnat-44


     MX-480BNG# run show services sessions destination-port 8111
    mams-0/3/0 (ams0)
    Service Set: sset-1, Session: 1543520208, ALG: none, Flags: 0x2000000, IP Action: no, Offload: no, Asymmetric: no
    TCP 157.48.245.139:60260             ->                               113.43.54.31:8111                                                                     Forward       O                                      5
    TCP 172.60.1.2:3389                            ->                               157.48.245.139:60260                                                            Forward         I                                       0

    Any suggestions to resolve the above mentioned issue will be helpful.

    ------------------------------
    RAGHAVENDRA RAO
    ------------------------------