Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Configure 2 DMZ ports to use the same External IP

    Posted 12-11-2014 06:12

    Hello All,

     

    I have an SSG550m 6.3R11.   We currently have a configuration where we a group of computers connected to a DMZ port that have to communicate to an external source with a known external IP address.  We are looking to connect another group of computers through a different IP/subnet range than the first, but they must connect to the same external source.  These systems will each have their own network hardware separate from each other. 

     

    My question, how can I assign the same external IP address (the source we have to connect, won't authorize us to have 2 different external addresses). to 2 different IP/subnet ranges?

     

    Thanks,

     

    Paul

     

     



  • 2.  RE: Configure 2 DMZ ports to use the same External IP
    Best Answer

    Posted 12-11-2014 15:34

    Is that ip address on the interface or are you using a dip for the address translation?

     

    Basically, you need to design the downstream connections so that all the subnets arrive on the SSG zone where this address is used for nat.  Once there you can create the necessary nat policy so that all the interal addresses are covered.



  • 3.  RE: Configure 2 DMZ ports to use the same External IP

    Posted 12-12-2014 10:23

    Thanks for the quck reply.  I was making this way to difficult in my head.  All I needed to do was put the NAT translation at the rule level, and use a DIP address.

     

    Thanks so much.  Once I read your response I realized I was truly over thinking this.

     

    Paul