02-24-2009 01:44 PM
Currently my Juniper SSG520 is configured with a /27 on its untrust interface.
We are moving into a new datacenter where we have been given a /30 and then a new /27 as well for our MIPs/VIPs.
How do I configure my untrust interface to support these 2 subnets?
The /30 will have the next hop out of the network.
02-24-2009 02:34 PM
After a bit of searching (thanks, search feature) it looks like the answer is to add a Loopback in the Untrust zone with the 2nd IP range and turn off intra-zone blocking.
Is that all I need to do? And am I able to use an IP from the pool on the loopback (/27) as my egress IP?
02-24-2009 03:07 PM
Yes it should work fine as long as you have the ISP routing the traffic to your end.
Take a look at the C&E guide as well; it's for VPN but can be used for cleartext as well:
Page 78 Chapter 4 for MIPs and VIPs.
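
The setup discussed in this thread, sketched as ScreenOS CLI. This is an added example, not configuration from any poster. The interface name `ethernet0/2`, all addresses (documentation ranges), the internal host and the `loopback-group` line are assumptions.

```text
# Constructed addressing (placeholders, not from the thread):
#   /30 transit link : 198.51.100.0/30   firewall .2, ISP next hop .1
#   /27 for MIPs/VIPs: 203.0.113.32/27   loopback .33, sample MIP .35
#   internal server  : 10.1.1.10 (hypothetical)

# Physical Untrust interface takes the /30; default route uses its next hop
set interface ethernet0/2 zone Untrust
set interface ethernet0/2 ip 198.51.100.2/30
set interface ethernet0/2 route
set route 0.0.0.0/0 interface ethernet0/2 gateway 198.51.100.1

# Loopback in the Untrust zone carries the routed /27
set interface loopback.1 zone Untrust
set interface loopback.1 ip 203.0.113.33/27
set interface loopback.1 route

# Assumption, not mentioned in the thread: join the physical interface to
# the loopback group so traffic arriving on it can use the loopback's MIPs
set interface ethernet0/2 loopback-group loopback.1

# Intra-zone blocking off for Untrust, as described in the thread.
# With blocking off, traffic between Untrust-zone interfaces that matches
# no policy is permitted, so review any other interfaces bound to Untrust.
unset zone Untrust block

# One MIP from the /27, reachable only through an explicit, logged policy
set interface loopback.1 mip 203.0.113.35 host 10.1.1.10 netmask 255.255.255.255 vr trust-vr
set policy from Untrust to Trust Any MIP(203.0.113.35) HTTPS permit log
```

As the reply above notes, this only works if the ISP routes the /27 to the firewall's /30 address.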