Problem:
I am able to get inbound NAT to work; however, outbound NAT refuses to work no matter what I try.
System:
- MX104 v20.4R3.8
L2/L3 configuration:
- L3 to next hop router is routing via eBGP. Routes are being advertised to me properly.
- I am advertising our NAT pool (222.5.7.0/25) properly (I think). To get the NAT pool to advertise, I needed to build a static route in the routing-instance. To do this I built a simple drop statement with the NAT pool subnet.
- All BGP routes are in their own routing-instance.
- I built an internal subnet (172.30.0.0/25) net just for testing NAT and put the irb gateway interface into the BGP routing-instance. The IRB is where our default gateway lives and I used bridged domains to connect to other interfaces (kind of mimicking vlan interfaces in Cisco in this way)
Troubleshooting:
- I read through all of this link, did not help.
- Service interface is built, and confirmed the built-in MPC should support static 1-to-1 NAT.
- I tried using the service interface on unit 0, as well as configured for route-based NAT via next-hop service domains in two separate units. Neither worked; same results for each method. Currently set to a single unit 0 service interface.
- I have not found any easy to view trace logs for NAT.
- Tried swapping service interface units, source-prefixes and pools, nothing works.
- The current configuration does not include a NAT pool; I want to make sure 1-to-1 /32 IPs work first.
- When I did try using a NAT pool, performing a
show services inline nat pool
or
show services inline nat statistics
always showed no results. I don't understand why.
- No matter what, the MX104 refuses to translate outgoing packets, so far-end hosts will always see the original IP. What am I missing here?
Config: Be aware this is a slimmed down config, if you need more let me know.
set chassis fpc 0 pic 0 inline-services bandwidth 1g
set interfaces si-0/0/0 unit 0 family inet
set services nat rule SVC_NAT_RULES_01 match-direction input
set services nat rule SVC_NAT_RULES_01 term rule01 from source-address 172.30.0.47/32
set services nat rule SVC_NAT_RULES_01 term rule01 then translated source-prefix 222.5.7.47/32
set services nat rule SVC_NAT_RULES_01 term rule01 then translated translation-type basic-nat44
set services service-set SS_NAT01 nat-rules SVC_NAT_RULES_01
set services service-set SS_NAT01 interface-service service-interface si-0/0/0.0
set interfaces ge-0/0/3 unit 22 family inet service input service-set SS_NAT01
set interfaces ge-0/0/3 unit 22 family inet service output service-set SS_NAT01
set routing-instances bgp-net routing-options static route 222.5.7.0/25 discard
set routing-instances bgp-net instance-type virtual-router
set routing-instances bgp-net interface si-0/0/0.0
set routing-instances bgp-net interface ge-0/0/3.22
set routing-instances bgp-net interface irb.111