ScreenOS Firewalls (NOT SRX)
Reply
Gus
Regular Visitor
Gus
Posts: 8
Registered: ‎06-02-2008
0

VIP issue

hello i have a adsl interface with ip 1.1.1.1 its member of a loopback group.the loopback is 2.2.2.2

i tried to configure  a vip for port forwarding to the loopback interface because 2.2.2.2 is the ip the we use as external not the 1.1.1.1

and the vip does no seem to work. The policy is configured properly to the global zone.Any ideas?

thanks

Trusted Expert
Kashif-rana
Posts: 417
Registered: ‎01-29-2008
0

Re: VIP issue

What is VIP IP? where u define VIP on loopback interface???
Kashif Rana
JNCIE-SEC, JNCIE-ENT, JNCIE-SP, JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!
Contributor
Posts: 39
Registered: ‎05-27-2008
0

Re: VIP issue

usually ADSL asigns an IP to the ADSL-IF. So are you sure, that 2.2.2.2 is routed via

1.1.1.1 ??

 

Did you try to make a "snoop" or a "debug flow"  to verify, that the packets are delivered to your

interface?

 

Is 2.2.2.2 making a response to arp request? Try to set a route for 2.2.2.2 to the internal interface

as destination:

 

set route 2.2.2.2/32 int bg0 (or eth1, or trust)

 

Greetings,

 

Klaus

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.