Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  MIPs and Port Translation challenge

    Posted 11-01-2011 08:59

    Hi all.  I am running ISG-2000 under ScreenOS 5.  What am I trying to figure out is whether it is possible to do port forwarding with a MIP address.  I read somewhere that MIP does not support port translation or forwarding and that only VIP can do that.  Please advise if this is true.

     

    Scenario: Forward external ip (MIP IP address) and port 443 > internal IP and port 1234

     

    Can this be done with what I have?



  • 2.  RE: MIPs and Port Translation challenge
    Best Answer

    Posted 11-01-2011 14:40

    MIPs are simply IP to IP maps, hence the name "Mapped IP Address."  Outside address maps to inside address, and ports are not changed.

     

    To achieve what you're looking for, yes, you need a VIP (Virtual IP Address.)  The setup of a VIP is very similiar to a MIP, just with the added steps of creating the port translations to the internal addresses/ports.

     

    No reason to put a square peg in a round hole -- if you need port translation, use a VIP.  Pretty straightforward.