Junos OS

last person joined: yesterday 

Ask questions and share experiences about Junos OS.

  • 1.  assigning static IPs to external interface - SRX210HE

    Posted 03-10-2014 07:47

    Just recently purchased an SRX210HE for a small office. JunOS 11.4 We have a block of 5 static IPs from verizon. Should they be all assigned to a single interface unit? 

     

    ge-0/0/0 {
    unit 0 {
    family inet {
    address 173.xxx.xxx.xx1/24;
    address 173.xxx.xxx.xx4/24;
    address 173.xxx.xxx.xx5/24;
    address 173.xxx.xxx.xx2/24;
    address 173.xxx.xxx.xx3/24;
    }
    }
    }

     

    And if so, is one of those addresses the "primary" address? or how do I configure the SRX with a primary address?



  • 2.  RE: assigning static IPs to external interface - SRX210HE
    Best Answer

    Posted 03-10-2014 09:14

    Hello,

    Presumably, You want to use them for NAT, wouldn't You?

    If yes then use 1 public IP of Your choice as interface IP and enable proxy ARP for the rest:

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB21785

    HTH

    Thanks
    Alex 



  • 3.  RE: assigning static IPs to external interface - SRX210HE

    Posted 03-10-2014 14:42

    If you chose this method then add the primary statement to address that you want to primary and add the preferred statement if you also want it to be the prefered address. For example

    set interfaces ge-0/0/0 unit 0 family inet address 173.xxx.xxx.xx4/24 primary preferred

    ge-0/0/0 {
    unit 0 {
    family inet {
    address 173.xxx.xxx.xx1/24;
    address 173.xxx.xxx.xx4/24{

      primary;
      preferred;

    }
    address 173.xxx.xxx.xx5/24;
    address 173.xxx.xxx.xx2/24;
    address 173.xxx.xxx.xx3/24;
    }
    }

    aditional  info:

    The primary address on an interface is the address that is used by default as the local address for broadcast and multicast packets sourced locally and sent out the interface
    The preferred address on an interface is the default local address used for packets sourced by the local router to destinations on the subnet. By default, the numerically lowest local address is chosen.



  • 4.  RE: assigning static IPs to external interface - SRX210HE

    Posted 03-10-2014 17:58

    so, I will be NAT'ing at least two of these external IP addresses to single internal IPs. It seems that static NAT would be the way to go, and from what I read, I should do proxy ARP. Is that right?

     

    thanks, 



  • 5.  RE: assigning static IPs to external interface - SRX210HE

    Posted 03-10-2014 18:16

    You would use proxy arp, yes so that the I/F will answer the ARP request for other other (no I/F addresses on the same subnet that you are NAT'ing.

     

    Static is correct if you to want to have flows initiating from the internal devices to go out with the same IP as flows directed inward. You could use destination NAT only if the traffic is primarily inbound. Outbound traffic could still be NAT'd outward using whatever source NAT rule you have in place. 



  • 6.  RE: assigning static IPs to external interface - SRX210HE

    Posted 03-11-2014 07:03

    ok, so I have an existing VPN server inside our network - and I want to get NAT working for now and I'll build the VPN tunnels on the SRX later.

     

    Now I need to NAT 173.xxx.xxx.xx2 -> 192.168.1.100 for example and I need to allow ike/l2tp thru to the inside OpenSWAN server for my remote workers.

     

    Is destination NAT the way to go, do I need source NAT as well - vs. static NAT? 

     

    Mike



  • 7.  RE: assigning static IPs to external interface - SRX210HE

    Posted 03-11-2014 10:50

    Thanks for your help with this topic. I have opened another thread about NAT'ing thru the SRX.  -- Mike