Netscreen-Remote; Network Address Translation (Nat) - Juniper JUNOS 10.1 - RELEASE NOTES 5-13-2010 Release Note

Known Limitations in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers

NetScreen-Remote

- On SRX Series devices, NetScreen-Remote is not supported in JUNOS Release 10.1.

Network Address Translation (NAT)

- On SRX3400, SRX3600, SRX5600, and SRX5800 devices, IKE negotiations involving NAT traversal do not work if the IKE peer is behind a NAT device that will change the source IP address of the IKE packets during the negotiation. For example, if the NAT device is configured with DIP, it changes the source IP because the IKE protocol switches the UDP port from 500 to 4500.
- The following describes the maximum numbers of NAT rules and rule sets supported:
  - For static NAT, up to 32 rule sets and up to 256 rules per rule set can be configured on a device.
  - For destination NAT, up to 32 rule sets and up to 8 rules per rule set can be configured on a device.
  - For source NAT, the following are the maximum numbers of source NAT rules that can be configured on a device:
    - 512 for J Series, SRX100, and SRX210 devices
    - 1024 for SRX240 and SRX650 devices
    - 8192 for SRX3400, SRX3600, SRX5600, and SRX5800 devices

    These are systemwide maximums for total numbers of source NAT rules. There is no limitation on the number of rules that you can configure in a source NAT rule set as long as the maximum number of source NAT rules allowed on the device is not exceeded.
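
The NAT limits listed above can be checked against a configuration before it is committed. The following Python script is an added example, not part of the Juniper release note: it counts NAT rule sets and rules in set-format configuration text and reports any count above the stated limits. The function names, the regular expression and the sample configuration are constructed for illustration, and the script assumes rule-set and rule names contain no spaces.

```python
import re
from collections import defaultdict

# Limits copied from the release note text above.
MAX_RULE_SETS = {"static": 32, "destination": 32}        # rule sets per device
MAX_RULES_PER_SET = {"static": 256, "destination": 8}    # rules per rule set
MAX_SOURCE_RULES = {                                     # systemwide source NAT rules
    **dict.fromkeys(["J Series", "SRX100", "SRX210"], 512),
    **dict.fromkeys(["SRX240", "SRX650"], 1024),
    **dict.fromkeys(["SRX3400", "SRX3600", "SRX5600", "SRX5800"], 8192),
}
RULE_RE = re.compile(
    r"^set security nat (static|destination|source) rule-set (\S+)(?: rule (\S+))?")

def count_nat_rules(config_text):
    """Map NAT type -> rule set -> set of rule names, from set-format config."""
    found = defaultdict(lambda: defaultdict(set))
    for line in config_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            nat_type, rule_set, rule = m.groups()
            rules = found[nat_type][rule_set]  # records rule sets that have no rules yet
            if rule:
                rules.add(rule)                # a set, so multi-line rules count once
    return found

def check_limits(config_text, platform):
    """Return a list of human-readable limit violations (empty if none)."""
    found, problems = count_nat_rules(config_text), []
    for nat_type in ("static", "destination"):
        sets = found.get(nat_type, {})
        if len(sets) > MAX_RULE_SETS[nat_type]:
            problems.append(f"{nat_type}: {len(sets)} rule sets > {MAX_RULE_SETS[nat_type]}")
        for name, rules in sorted(sets.items()):
            if len(rules) > MAX_RULES_PER_SET[nat_type]:
                problems.append(f"{nat_type} rule-set {name}: {len(rules)} rules > "
                                f"{MAX_RULES_PER_SET[nat_type]}")
    total = sum(len(rules) for rules in found.get("source", {}).values())
    if total > MAX_SOURCE_RULES[platform]:
        problems.append(f"source: {total} rules > {MAX_SOURCE_RULES[platform]} on {platform}")
    return problems

# Constructed sample: a destination rule set with 9 rules (limit is 8), one source rule.
SAMPLE = "\n".join(
    [f"set security nat destination rule-set dmz-in rule d{i} match destination-address 203.0.113.{i}/32"
     for i in range(1, 10)] +
    ["set security nat source rule-set out from zone trust",
     "set security nat source rule-set out rule s1 match source-address 10.0.0.0/8",
     "set security nat source rule-set out rule s1 then source-nat interface"])
```

Calling check_limits(SAMPLE, "SRX240") flags the dmz-in rule set; the source NAT total is compared against the systemwide limit for the platform name passed in.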