

set security nat source pool mypool20 address 10.177.20.0/24
set security nat source pool mypool19 address 10.177.19.0/24
set security nat source pool mypool18 address 10.177.18.0/24
set security nat source pool mypool17 address 10.177.17.0/24
set security nat source pool mypool16 address 10.177.16.0/24
set security nat source pool mypool15 address 10.177.15.0/24
set security nat source pool mypool14 address 10.177.14.0/24
set security nat source pool mypool13 address 10.177.13.0/24
set security nat source pool mypool12 address 10.177.12.0/24
set security nat source pool mypool11 address 10.177.11.0/24
set security nat source pool mypool10 address 10.177.10.0/24
set security nat source pool mypool9 address 10.177.9.0/24
set security nat source pool mypool8 address 10.177.8.0/24
set security nat source pool mypool7 address 10.177.7.0/24
set security nat source pool mypool6 address 10.177.6.0/24
set security nat source pool mypool5 address 10.177.5.0/24

So if someone can try placing 20 pools with /24 in the config and commit check. I actually only need to know what is the limit for 300 Series. I could configure many pools and of different size. The destination nat did not have such limits.

[edit security nat
the limit seems to be more global than per pool.
Source NAT pools contain too many addresses (Current: 769 > Capacity: 768)
error: nat-pat-address quota exceeded (usage 769 > max 768)

Here is an example with 3x/24 pools and 1x/32 pool. I do not get the error if I have 3 pools with /24. I have actually initially reached this limit after I have configured 4 pools with /24 mask. I did not know the limit per pool exists.
set security nat source pool mytestpool04 address 10.104.0.0/16
set security nat source pool mytestpool03 address 10.103.0.0/16
set security nat source pool mytestpool02 address 10.102.0.0/16

To test this on srx300 or bigger hardware one could simply do:
set security nat source pool mytestpool01 address 10.101.0.0/16
set rule-set rsX rule rX then source-nat mytestpoolX
set rule-set rsX rule rX match destination-address 0.0.0.0/0
set rule-set rsX rule rX match source-address 0.0.0.0/0

2000 NAT rules means I can have 2000 NAT rules in the configuration. So limit is 2000 IPs and one /20 pools brings hardware to a limit.
2000 NAT rules allow NAT'ing 2000 IPs (Like dynamic NAT entries). So I am wondering what does NAT Rule in this sense mean. The Limits in the datasheets of SRX state the following for SRX 340: I received the following error:
error: nat-pat-address quota exceeded (usage 26108 > max 768)

I have tested vSRX and after configuring a couple of source nat pools. Very easy question for everyone having SRX, preferably 300 series.
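
Added example, not part of the original post and not Juniper code: a pre-commit check that totals the addresses in all source NAT pools of a set-format configuration and compares the sum with the quota from the error quoted above. It assumes every address in a prefix counts toward the quota (consistent with the 3x/24 + 1x/32 = 769 figure in the post) and that 768 applies only to the device that printed that error; the pool names in the sample are constructed.

```python
import ipaddress
import re

# Capacity taken from the commit error quoted in the post; other platforms
# differ, so pass the value for the device being checked (assumption).
QUOTA = 768

# Matches "set security nat source pool NAME address A" and "... address A to B".
POOL_RE = re.compile(
    r"^set\s+security\s+nat\s+source\s+pool\s+(\S+)\s+address\s+(\S+)"
    r"(?:\s+to\s+(\S+))?\s*$",
    re.IGNORECASE,
)

def pool_sizes(config_text):
    """Return {pool_name: address_count} for every source NAT pool found."""
    sizes = {}
    for line in config_text.splitlines():
        m = POOL_RE.match(line.strip())
        if not m:
            continue  # not a source pool address statement
        name, first, last = m.groups()
        if last:
            # Range form: count the addresses from the first to the last, inclusive.
            lo = ipaddress.ip_interface(first).ip
            hi = ipaddress.ip_interface(last).ip
            if hi < lo:
                raise ValueError(f"pool {name}: range end precedes start")
            count = int(hi) - int(lo) + 1
        else:
            # Prefix form: every address in the prefix counts (assumption).
            count = ipaddress.ip_network(first, strict=False).num_addresses
        sizes[name] = sizes.get(name, 0) + count
    return sizes

def check_quota(config_text, quota=QUOTA):
    """Return (usage, fits, per_pool) for the global source NAT address quota."""
    sizes = pool_sizes(config_text)
    usage = sum(sizes.values())
    return usage, usage <= quota, sizes

# Constructed sample reproducing the post's 3x/24 + 1x/32 case.
SAMPLE = """\
set security nat source pool demo1 address 10.177.18.0/24
set security nat source pool demo2 address 10.177.19.0/24
set security nat source pool demo3 address 10.177.20.0/24
set security nat source pool demo4 address 10.177.21.1/32
"""

if __name__ == "__main__":
    usage, fits, per_pool = check_quota(SAMPLE)
    print(f"usage {usage} / max {QUOTA}: {'ok' if fits else 'quota exceeded'}")
```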
