I've been trying to configure a MIP for access to my SA700, and following the ScreenOS Cookbook directions, I run into errors. The commands from the Cookbook (also given in KB10923) are as follows:
Configure inbound and outbound policies:
set address trust host-a-prv 192.168.1.50/32
set policy id 1 from Untrust to Trust any MIP(1.1.1.50) http permit
set policy id 2 from Trust to Untrust host-a-prv any any permit
When I attempt the same I get the following issues:
Wintermute-> set address trust host-a-prv 192.168.1.5/32
Wintermute-> set policy id 1 from untrust to trust any MIP (172.24.120.20) http permit
^-------unknown keyword http
Wintermute-> set policy id 1 from untrust to trust any MIP (172.24.120.20) ?
deny      deny packets
nat       enable nat
permit    permit packets
reject    drop packets and send notification to the sender
tunnel    encrypt packets
Wintermute-> set policy id 1 from untrust to trust any MIP (172.24.120.20) permit
### Zone Untrust->Trust : following address(es) not defined: (dst MIP)
Wintermute->
As you can see, my SSG5 running 6.2.0r1.0 (my personal firewall is sitting behind our perimeter firewall, thus the private-to-private addressing) doesn't like the "http" modifier, but even after removing it I run into the issue of the MIP not being set properly (which is what I am in the process of trying to do).
Any insight would be greatly appreciated!