07-10-2012 08:11 AM
This is more of a newbie question, but I would appreciate the help. I am new to Juniper and trying to set up a pretty simple network. I am using an SSG-5 and trying to be able to have a DMZ set up so it will be able to use a private IP address that points to a public IP address that users will access from the untrusted zone. For example:
I have eth0/0 set up for untrusted with the IP of 220.127.116.11, and the IP address that needs to be accessed by users is 18.104.22.168. (This IP is the address of a load balancer service.) The load balancer will then forward this traffic to IIS servers in the range of (192.168.1.1-192.168.1.255).
My goal would be to have the DMZ set up with a private IP address that forwards all traffic for 22.214.171.124 to the load balancer. Any suggestions?
Thanks again for taking the time to read/assist!
07-10-2012 03:01 PM
It sounds like you would just create a DMZ with whatever private address you want for the inbound connection of the load balancer. You assign the private address to the load balancer and the default gateway IP to the firewall DMZ interface.
Then use destination NAT to forward the public address to the load balancer input.
I assume the output port of the load balancer would go directly to the subnet with the destination servers in your example.
Senior IP Engineer - DQE Communications Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV JNCIS-SSL JNCDA
ACE PanOS 6
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
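The DMZ plus destination NAT layout described in the reply above, as an added ScreenOS sketch that is not from either poster. The addresses (203.0.113.10 as the public address, 10.10.10.0/24 as the DMZ), the address-book name lb-public and the use of ethernet0/1 as the DMZ port are assumptions, and the `#` lines are annotations rather than commands.

```screenos
# Constructed example values (assumptions, not taken from the thread):
#   public address users connect to : 203.0.113.10
#   firewall DMZ interface          : 10.10.10.1/24 on ethernet0/1
#   load balancer inbound address   : 10.10.10.10 (default gateway 10.10.10.1)
# Also assumed: the upstream router already delivers 203.0.113.10 to the
# firewall's untrust interface (ethernet0/0).

# 1. DMZ interface with a private address. The load balancer's inbound side
#    sits in this subnet and uses 10.10.10.1 as its default gateway.
set interface ethernet0/1 zone DMZ
set interface ethernet0/1 ip 10.10.10.1/24

# 2. Policy-based destination NAT matches on the original (public)
#    destination address, and the destination zone is chosen by a route
#    lookup on that address. Define the public address in the DMZ address
#    book and route it out the DMZ interface so the lookup resolves to DMZ.
set address DMZ lb-public 203.0.113.10/32
set route 203.0.113.10/32 interface ethernet0/1

# 3. Permit only the web services, translate the destination to the load
#    balancer, and log matches. No "any service" rule is added, so other
#    ports on the public address are not opened toward the DMZ.
set policy from Untrust to DMZ Any lb-public HTTP nat dst ip 10.10.10.10 permit log
set policy from Untrust to DMZ Any lb-public HTTPS nat dst ip 10.10.10.10 permit log
```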