Screen OS

  • 1.  VIP vs. DIP

    Posted 02-25-2009 09:09
    I'm relatively new to Juniper firewalls, so please forgive me if I ask a "no-brainer" type of question.  Which is better to set up, VIP or DIP, when having an RDP login from the internet?


  • 2.  RE: VIP vs. DIP
    Best Answer

    Posted 02-25-2009 09:16

    You actually can't use the DIP for that. You can only use VIP for connections from outside. MIP is for bidirectional natting.

     

    Here is a link to some NAT guides you may find useful:

    http://kb.juniper.net/index?page=content&id=KB11909

     

    Here are some simple steps for VIP as many people do have some questions while setting it up:

     

    PC---hits ip 172.24.28.168: 3389 ---> FW ---maps to internal IP and port 172.16.50.20 port 3389---> Internal server 172.16.50.20

     

    (1) set service "tcp3389" protocol tcp src 0-65535 dst 3389-3389 

     

    (2) set interface ethernet0/0 vip 172.24.28.168 + 3389 "tcp3389" 172.16.50.20 (172.16.50.20 will be your internal server)

     

    (3) set policy top from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "tcp3389" permit

     

     

     

    Message Edited by WL on 02-25-2009 09:20 AM
    Message Edited by WL on 02-25-2009 09:21 AM
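
An added example, not part of the original post and not Juniper code: a small Python check that reads saved ScreenOS configuration lines in the form shown in the answer above and lists every permit policy whose source is "Any" and whose destination is a VIP, together with the public and internal endpoint it opens. The function name, the output fields and the sample configuration are assumptions made for this example.

```python
import shlex

# Constructed sample: the three commands from the answer above, laid out as
# lines of a saved ScreenOS configuration.
SAMPLE_CONFIG = """
set service "tcp3389" protocol tcp src 0-65535 dst 3389-3389
set interface ethernet0/0 vip 172.24.28.168 + 3389 "tcp3389" 172.16.50.20
set policy top from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "tcp3389" permit
"""

def audit_vip_exposure(config_text):
    """List permit policies that let source "Any" reach a VIP destination."""
    lines = [shlex.split(l) for l in config_text.splitlines() if l.strip()]
    services, vips, findings = {}, {}, []
    for tok in lines:
        if tok[:2] == ["set", "service"] and "protocol" in tok and "dst" in tok:
            # set service NAME protocol PROTO src LO-HI dst LO-HI
            services[tok[2]] = (tok[tok.index("protocol") + 1], tok[tok.index("dst") + 1])
        elif tok[:2] == ["set", "interface"] and "vip" in tok:
            # set interface IFACE vip PUBLIC_IP [+] PORT SERVICE INTERNAL_IP
            rest = [t for t in tok[tok.index("vip") + 1:] if t != "+"]
            if len(rest) >= 4:
                vips.setdefault(rest[2], []).append((rest[0], rest[1], rest[3]))
    for tok in lines:
        if tok[:2] != ["set", "policy"] or "from" not in tok or "to" not in tok:
            continue
        i = tok.index("to")  # layout: from ZONE to ZONE SRC DST SERVICE ACTION
        if len(tok) < i + 6:
            continue
        src, dst, service, action = tok[i + 2:i + 6]
        if action != "permit" or src != "Any" or not dst.startswith("VIP("):
            continue
        # Services not defined in this config text are reported as "?".
        proto, dst_ports = services.get(service, ("?", "?"))
        for public_ip, port, internal_ip in vips.get(service, [("?", "?", "?")]):
            findings.append({
                "from_zone": tok[tok.index("from") + 1],
                "service": service, "protocol": proto, "dst_ports": dst_ports,
                "public": f"{public_ip}:{port}", "internal": internal_ip,
            })
    return findings

if __name__ == "__main__":
    for f in audit_vip_exposure(SAMPLE_CONFIG):
        print(f'{f["from_zone"]} Any -> {f["public"]} ({f["protocol"]}/{f["dst_ports"]}) '
              f'maps to {f["internal"]}')
```

A policy whose source is a named address-book entry instead of "Any" produces no finding, so the check can be rerun after tightening the source to confirm the result.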