Screen OS

  • 1.  loopback group source nat issue

    Posted 06-08-2012 00:36

    Hello,

    I have an interface ethernet0/4 (connected to the internet) in Untrust-VR, I have loopback.1 with an IP range on it, and ethernet0/4 is a member of the loopback group. This works OK; VIPs on the loopback.1 work as expected.

    Outgoing traffic through the ethernet0/4 interface has source NAT applied, but with the IP of the loopback interface instead of the IP of the ethernet0/4 interface. In Untrust-VR the 0.0.0.0 route points to the ISP gateway with outgoing interface ethernet0/4.

    For now I have removed ethernet0/4 from the loopback group, and source NAT is applied with the ethernet0/4 IP address.

    VIPs no longer work, but MIPs do work.

    I prefer to use VIPs. How can I make sure that source NAT uses the ethernet0/4 IP?

    Thanks.



  • 2.  RE: loopback group source nat issue
    Best Answer

    Posted 06-08-2012 07:33

    You can define a DIP on loopback1 with the same IP address as ethernet0/4. Add ethernet0/4 back to the loopback group. Then just create a policy for outgoing traffic that uses the DIP you created.



  • 3.  RE: loopback group source nat issue

    Posted 07-24-2012 06:06

    Forgot to accept the solution. I still think it's strange behavior.