12-23-2009 11:43 AM
How do I configure a PC behind the SSG 140 with a public IP provided by my ISP?
My ISP is providing me with public internet IP's 126.96.36.199/27. The gateway for my subnet is 188.8.131.52 (provided by my ISP on my own subnet).
The Untrust interface eth0/2 is configured with IP 184.108.40.206/32.
MIP from Untrust eth0/2 to Trust eth0/3 works (public IP to private IP).
How to configure a PC with a public IP _without_ NAT? So when I access http://cmyip.com I get the PC IP and not the SSG IP?
12-26-2009 06:27 AM
you can use bgroups
create bgroup interace
give it an ip from 1.1.1.x
assign2 physical interfaces to that bgroup interface ( one of them is connected to youe server & is connected to your ISP )
12-29-2009 10:31 PM
What i am able to understand is that
ISP CPE (220.127.116.11)------------------SSG----------------------PC(18.104.22.168)
If you want to directly assign public ip address to the PC& servers ,you can try configuring the SSG in transparent mode.
In routed mode, if you configure MIP, you will still be able to access the PC(which is on private IP) like http://cmyip.com .just that particular ip whch is mapped to the domainname should be used for MIP.
12-29-2009 10:42 PM
Your diagram is correct, but some PC's should still have private IP address.
Is it possible to have the SSG transparent on some interfaces and routed on others?
Or this is done using bgroups?
12-30-2009 01:43 AM
No transparent and routed mode would not work in parallel.
Is there a special requirement that NAT is not done , the case you mention i.e to enable http access (or what ever ) will still work with MIP translation.
Anyways bgroup also seem good to go.