Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Multiple public IP address with different subnet

    Posted 04-22-2014 04:59

    Hello,

     

    Actually, i have a juniper SSG5 with multiple public IP address in same subnet.

    I use Proxy ARP Entry, Destination route and Policy (with NAT dst) to internal host.

    Each public address is used to multiple internal host (port translation).

     

    In some time, my interface untrust will have a new public IP in subnet (46.5.15.X/30)

    And to access in my private network, i will have multiple public IP in different subnet (46.5.5.X/29). These IP will be routed by my supplier to public IP of my interface untrust.

    But i cannot use proxy-arp-entry (different subnet), i need use MIP ?

    KB10923 give me several informations to multiple internal host... But if i use one IP public to multiple internal host, how I should proceed ?

     

    Thank you for your help.

    Best regards.

    Charlie.



  • 2.  RE: Multiple public IP address with different subnet
    Best Answer

    Posted 04-24-2014 10:17

    Just remove the Proxy ARP (not needed once your provider starts routing the /29 subnet) and you'll be all set with the destination route and policy NAT the way you're doing it now. Bonus: since /29 is routed and ScreenOS doesn't care, you'll be able to use the first and last address in the subnet, too.



  • 3.  RE: Multiple public IP address with different subnet

    Posted 04-27-2014 08:52

    Hi nikolay.semov,

     

    Thank you for your help.
    I removed proxy ARP, now i should test my new config...

     

    Regards,
    Charlie.