Hi all,
It works! Yes, it is a basic VIP task, but it was just my lack of knowledge and misunderstanding of the SSG5's architecture.
With the "custom servce + vip at the untrust + policy from untrust->trust" works fine.
It was not the problem accessing my public fix IP from the same PC or any other from the trusted zone. Now this one works fine too and I asked a friend to do a query with his browser from home and it worked!
Though it works, I have still some questions "why"?
- Services: The request comes from http://xxx.xxx.xxx.xxx:3000 to my port 3000. Why source 0-65535? Doesn't it expose me more than necessary? Could it be source 3000-3000 and destination 3000-3000 to narrow the accessible port range?
- What am I now exactly doing? As I figured out, it should be something like this:
The request to the port 3000 comes into my untrusted zone on my fix public IP on Ethernet0/0.
The Policy redirects it to the VIP of my Ethernet0/0 because the custom service is the one with destination to port 3000.
Finally the VIP takes care to forward it to the IP address in the trusted zone I entered in the "Map to IP" field because it is foing to the port 3000 I entered in the field "Virtual port". Correct me if I am wrong!
Many thanks for the help!
Message Edited by b_akos on 03-08-2009 11:51 AM
