Screen OS

Hi,

I've been searching for hours now but cannot find it.

This is my config i got from my provider:

There router = 213.224.XX.125/30

My ethernet0./0 (untrust) is = 213.224.XX.126/30

I have a default route is set to 125 and the internet works.  So far so good.

Now i have a second ip range with 16 usable ipranges 84.199.XX.128/28

Now i need to make a DIP for address 84.199.XX.129 and use a policy that does source translation for sip traffic on the 129 address.

Now when i try to add this DIP entry on the untrust it gives me a message that the Dynamic ipmust be in the same subnet.

Hency my problem. 

My question: how can i add this second range to my untrust side knowing that i cannot use a MIP for the 84.199.XX.129 address because i have some phones on the trust interface (5 of them) that go to an outside SIP server.

So i need to make a policy for SIP traffic that does source routing on that DIP.

Can anyone help me with this please?

Hi!

I think this command will solve your problem:

set interface ethernet0/0 ext ip 84.199.xxx.128/28 dip <dip pool number> 84.199.xxx.129 84.199.xxx.142

The keywords here are "ext ip" - extended ip.

Kind regards,

Edouard

works like a charm, thank you very much!