PC with public IP behind SSG-140 without NAT

adambg · ‎12-17-2009

How do I configure a PC behind the SSG 140 with a public IP provided by my ISP?

My ISP is providing me with public internet IP's 1.1.1.0/27. The gateway for my subnet is 1.1.1.1 (provided by my ISP on my own subnet).

The Untrust interface eth0/2 is configured with IP 1.1.1.2/32.

MIP from Untrust eth0/2 to Trust eth0/3 works (public IP to private IP).

How to configure a PC with a public IP _without_ NAT? So when I access http://cmyip.com I get the PC IP and not the SSG IP?

SSHSSH · ‎11-21-2009

you can use bgroups

create bgroup interace

give it an ip from 1.1.1.x

assign2 physical interfaces to that bgroup interface ( one of them is connected to youe server & is connected to your ISP )

NET-WORKS · ‎02-17-2009

What i am able to understand is that

ISP CPE (1.1.1.1)------------------SSG----------------------PC(1.1.1.5)

If you want to directly assign public ip address to the PC& servers ,you can try configuring the SSG in transparent mode.

In routed mode, if you configure MIP, you will still be able to access the PC(which is on private IP) like http://cmyip.com .just that particular ip whch is mapped to the domainname should be used for MIP.

HTH

adambg · ‎12-17-2009

Your diagram is correct, but some PC's should still have private IP address.

Is it possible to have the SSG transparent on some interfaces and routed on others?

Or this is done using bgroups?

NET-WORKS · ‎02-17-2009

No transparent and routed mode would not work in parallel.

Is there a special requirement that NAT is not done , the case you mention i.e to enable http access (or what ever ) will still work with MIP translation.

Anyways bgroup also seem good to go.

PC with public IP behind SSG-140 without NAT

Re: PC with public IP behind SSG-140 without NAT

Re: PC with public IP behind SSG-140 without NAT

Re: PC with public IP behind SSG-140 without NAT

Re: PC with public IP behind SSG-140 without NAT