SRX VIP with Dynamic Public IP

rblack · ‎12-10-2007

I am trying to configure an SRX 210 (running 10.0R2.10) with a dynamic Internet IP to use VIP type functionality. When I configure the NAT, it requires me to put an IP address however because this is dynamic and could change I can't. I used the keywork interface (set security Nat proxy-ARP interface ge-0/0/0.0 address interface) and it accepts the command, however in the configuration it replaces the interface command with an IP address that does not exist on the box (not even the dynamic IP I currently have)

Is the ScreenOS VIP functionality available on the SRX if you have a dynamic Internet IP?

storerc · ‎01-23-2010

Try using 0.0.0.0/0 as the destination IP in your DNAT rule.

See this thread with discussion and config examples.

Regards,

-Chris

rblack · ‎12-10-2007

Thanks for that, the 0.0.0.0/0 does seem to be fine for the rule-set, however my problem seems to be with teh proxy-arp section which I have:

proxy-arp {
    interface ge-0/0/0.0 {
        address {
            0.0.0.0/0;
        }
    }

and when I try to comit I get the following error:

[edit security nat proxy-arp interface ge-0/0/0.0]
'address 0.0.0.0/0'
IP address 0.0.0.0 is invalid
error: configuration check-out failed

storerc · ‎01-23-2010

Because you are actually wanting to answer on the IP that belongs to the interface, there should be no need for the proxy-arp.

-Chris

rblack · ‎12-10-2007

Thank you,

You are right, I don't need the proxy arp entry and it is working perfectly.

Thanks for your help.

Richard

SRX VIP with Dynamic Public IP

Re: SRX VIP with Dynamic Public IP

Re: SRX VIP with Dynamic Public IP

Re: SRX VIP with Dynamic Public IP

Re: SRX VIP with Dynamic Public IP