New Public IP ranges

JamesBellaart · ‎06-19-2008

Hi,

Currently my Juniper SSG520 is configured with a /27 on its untrust interface.

We are moving into a new datacenter where we have been given a /30 and then a new /27 as well for our MIPs/VIPs.

How do I configure my untrust interface to support these 2 subnets?

The /30 will have the next hop out of the network.

Cheers,

James

JamesBellaart · ‎06-19-2008

After a bit of searching (thanks search feature) it looks like the answer is to add a Loopback in the Untrust zone with the 2nd IP range and turn off intra zone blocking.

Is that all I need to do? and am I able to use an IP from the pool on the loopback (/27) as my egress IP?

WL · ‎07-26-2008

Yes it should work fine as long as you have the ISP routing the traffic to your end.

Take a look at C&E guide as well, its for VPN but can be used for cleartext as well:

http://www.juniper.net/techpubs/software/screenos/screenos6.1.0/ce_v8.pdf

Page 78 Chapter 4 for MIPs and VIPs.

****pls click the button " Accept as Solution" if my post helped to solve your problem****

JamesBellaart · ‎06-19-2008

I've found another article suggesting you can simply add a route to the new network on the interface in untrust zone with a gateway of 0.0.0.0. I have tried this and it allows me to add a MIP using IPs from the new range.

WL · ‎07-26-2008

Hmm, you dont really need that if you are using 6.1 screen OS. It allows you to configure the MIP without the route.

****pls click the button " Accept as Solution" if my post helped to solve your problem****

New Public IP ranges

Re: New Public IP ranges

Re: New Public IP ranges

Re: New Public IP ranges

Re: New Public IP ranges