Hi guys,
I can not configure NAT on MX480 with MS-DPC Junos version is Junos: 18.2R3.4.
NAT does not work. Maybe someone can tell me where could be the problem with the configuration or how to investigate the problem
Dynamic Profile
GlobVlan {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
no-traps;
ppp-options {
chap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
family inet {
filter {
input NAT-TEST precedence 150;
output NAT-TEST precedence 150;
}
unnumbered-address "$junos-loopback-interface";
}
}
}
}
}
DynVlan {
interfaces {
"$junos-interface-ifd-name" {
unit "$junos-interface-unit" {
no-traps;
vlan-id "$junos-vlan-id";
family pppoe {
access-concentrator Radnet;
duplicate-protection;
dynamic-profile GlobVlan;
max-sessions 16000;
}
}
}
}
}
Services
service-set NAT-SERVICE-SET {
nat-rules NAT-RULE;
next-hop-service {
inside-service-interface sp-1/0/0.100;
outside-service-interface sp-1/0/0.200;
}
}
service-set NAT-SERVICE-SET1 {
tcp-mss 1210;
nat-rules NAT-RULE1;
next-hop-service {
inside-service-interface sp-4/1/0.100;
outside-service-interface sp-4/1/0.200;
}
}
nat {
pool NAT-POOL-1 {
address-range low XXX.XXX.XXX.XXX high XXX.XXX.XXX.XXX;
port {
automatic {
random-allocation;
}
}
address-allocation round-robin;
}
pool NAT-POOL-2 {
address-range low XXX.XXX.XXX.XXX high XXX.XXX.XXX.XXX;
port {
automatic {
random-allocation;
}
}
address-allocation round-robin;
}
rule NAT-RULE {
match-direction input;
term EIM {
from {
source-prefix-list {
NAT-PREFIX-LIST;
}
applications [ junos-pptp junos-ipsec-esp ];
application-sets APP;
}
then {
translated {
source-pool NAT-POOL-1;
translation-type {
napt-44;
}
address-pooling paired;
}
}
}
term SIMPLY {
from {
source-prefix-list {
NAT-PREFIX-LIST;
}
}
then {
translated {
source-pool NAT-POOL-1;
translation-type {
napt-44;
}
address-pooling paired;
}
}
}
}
rule NAT-RULE1 {
match-direction input;
term EIM {
from {
source-prefix-list {
NAT-PREFIX-LIST-1;
}
applications [ junos-pptp junos-ipsec-esp ];
application-sets APP;
}
then {
translated {
source-pool NAT-POOL-2;
translation-type {
napt-44;
}
address-pooling paired;
}
}
}
term SIMPLY {
from {
source-prefix-list {
NAT-PREFIX-LIST-1;
}
}
then {
translated {
source-pool NAT-POOL-2;
translation-type {
napt-44;
}
address-pooling paired;
}
}
}
}
}
Routing-instances
NAT-RI {
instance-type virtual-router;
interface sp-1/0/0.100;
routing-options {
static {
route 10.10.0.0/20 next-table inet.0;
route 0.0.0.0/0 next-hop sp-1/0/0.100;
}
}
}
NAT-RI-1 {
instance-type virtual-router;
interface sp-4/1/0.100;
routing-options {
static {
route 10.10.16.0/20 next-table inet.0;
route 0.0.0.0/0 next-hop sp-4/1/0.100;
}
}
}
ActiveDynamicProfile
show dynamic-profile session client-id 31
GlobVlan {
routing-instances {
default {
interface pp0.3221225497;
}
}
interfaces {
pp0 {
unit 3221225497 {
no-traps;
ppp-options {
chap;
}
pppoe-options {
underlying-interface xe-0/0/2.3221225496;
server;
}
family {
inet {
filter {
input NAT-TEST precedence 150;
output NAT-TEST precedence 150;
}
unnumbered-address lo0.0;
}
}
}
}
}
}
Prefix-List
temp@MX480> show configuration policy-options prefix-list NAT-PREFIX-LIST
10.10.0.0/20;
temp@MX480> show configuration policy-options prefix-list NAT-PREFIX-LIST-1
10.10.16.0/20;
Thanks,
Volodymyr