Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Commit failure after upgrading the SRX device

0

0

Article ID: KB24703 KB Last Updated: 08 Jun 2012Version: 1.0
Summary:
This article describes the issue of the commit failure, after upgrading the SRX device from 10.4x to 11.2, 11.4, or 12.1.
Symptoms:
The following commit errors were generated on the SRX device:
root@srx# commit 
error: nat-pat-address quota exceeded (usage 655 > max 256)
error: configuration check-out failed
Cause:
 
Solution:
These changes are as per the new design, starting with 11.2R1 and includes 11.4 and 12.1 releases. The newly supported IP ranges for various platforms are:

  • SRX5800 - 2K

  • SRX5600 - 2K

  • SRX3600 - 1K

  • SRX3400 - 1K

  • SRX1400 - 512

  • SRX650/2G - 512

  • SRX650/1G - 256

  • SRX240/1G - 256

  • SRX240/512M - 20

  • SRX220/1G - 256

  • SRX210/1G - 256

  • SRX210/512M - 20

  • SRX1X0/1G - 256

  • SRX1X0/512M - 20

  • J-Series/2G - 512

  • J-Series/1G - 256

  • J-Series/512M - 20

The error message indicates the maxium as 256, which points to the J-Series/1G, SRX1X0/1G, SRX210/1G, SRX220/1G, SRX240/1G, and SRX650/1G devices. These are the branch platforms; except SRX 650/2G, which has 512 as the range.
root@srx# commit 
error: nat-pat-address quota exceeded (usage 655 > max 256)
error: configuration check-out failed
Configuration:
set security nat source pool pool1 address 10.10.83.2/32 to 10.10.83.254/32			> 253 IP's               
set security nat source pool pool2-10-20-145-0-24 address 10.20.145.2/32 to 10.20.145.200/32 	> 199 IP's
set security nat source pool pool2-10-20-147-0-24 address 10.20.147.2/32 to 10.20.147.200/32 	> 199 IP's
set security nat source pool pool3-10-10-84-1-32 address 10.10.84.1/32 				> 1 IP
set security nat source pool pool3-10-10-85-1-32 address 10.10.85.1/32 				> 1 IP
set security nat source pool pool4-xx-xxx-158-1-32 address xx.xxx.158.1/32 			> 1 IP
set security nat source pool pool5-xx-xxx-98-178-32 address xx.xxx.98.178/32 			> 1 IP
Total allocated IP = 253 + 199 + 199 + 1 + 1 + 1 + 1 = 655. 655 is higher than 256, as per the new allocated IP range.

Recommendations:

  • Reduce the total allocated IP range to within 256.

  • Update the proxy-arp ranges as well.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search