ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Gus
Regular Visitor
Gus
Posts: 8
Registered: ‎06-02-2008
0

VIP issue

Options

‎08-18-2008 03:16 AM

hello i have a adsl interface with ip 1.1.1.1 its member of a loopback group.the loopback is 2.2.2.2

i tried to configure  a vip for port forwarding to the loopback interface because 2.2.2.2 is the ip the we use as external not the 1.1.1.1

and the vip does no seem to work. The policy is configured properly to the global zone.Any ideas?

thanks

Message 1 of 3 (3,818 Views)
 
Reply
Trusted Expert
Trusted Expert
Kashif-rana
Posts: 416
Registered: ‎01-29-2008
0

Re: VIP issue

Options

‎08-18-2008 03:28 AM

What is VIP IP? where u define VIP on loopback interface???
Kashif Rana
00971555962393
JNCIE-SP#1428,JNCIE-SEC#55,JNCIP(SP,ENT,SEC),JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!
Message 2 of 3 (3,817 Views)
 
Reply
entrada
Contributor
Posts: 39
Registered: ‎05-27-2008
0

Re: VIP issue

Options

‎08-18-2008 04:29 AM

usually ADSL asigns an IP to the ADSL-IF. So are you sure, that 2.2.2.2 is routed via

1.1.1.1 ??

 

Did you try to make a "snoop" or a "debug flow"  to verify, that the packets are delivered to your

interface?

 

Is 2.2.2.2 making a response to arp request? Try to set a route for 2.2.2.2 to the internal interface

as destination:

 

set route 2.2.2.2/32 int bg0 (or eth1, or trust)

 

Greetings,

 

Klaus

Message 3 of 3 (3,806 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.