SRX Services Gateway
Highlighted
SRX Services Gateway

SRX VIP with Dynamic Public IP

02.17.10   |  
‎02-17-2010 06:28 AM

I am trying to configure an SRX 210 (running 10.0R2.10) with a dynamic Internet IP to use VIP type functionality.  When I configure the NAT, it requires me to put an IP address however because this is dynamic and could change I can't.  I used the keywork interface (set security Nat proxy-ARP interface ge-0/0/0.0 address interface) and it accepts the command, however in the configuration it replaces the interface command with an IP address that does not exist on the box (not even the dynamic IP I currently have)

 

Is the ScreenOS VIP functionality available on the SRX if you have a dynamic Internet IP? 

4 REPLIES
SRX Services Gateway
Solution
Accepted by topic author rblack
‎08-26-2015 01:27 AM

Re: SRX VIP with Dynamic Public IP

02.17.10   |  
‎02-17-2010 07:17 AM

Try using 0.0.0.0/0 as the destination IP in your DNAT rule.

 

See this thread with discussion and config examples.

 

Regards,

-Chris
SRX Services Gateway

Re: SRX VIP with Dynamic Public IP

02.17.10   |  
‎02-17-2010 07:38 AM

Thanks for that, the 0.0.0.0/0 does seem to be fine for the rule-set, however my problem seems to be with teh proxy-arp section which I have:

 

proxy-arp {
    interface ge-0/0/0.0 {
        address {
            0.0.0.0/0;
        }
    }

and when I try to comit I get the following error:

 

[edit security nat proxy-arp interface ge-0/0/0.0]
  'address 0.0.0.0/0'
    IP address 0.0.0.0 is invalid
error: configuration check-out failed

 

 

SRX Services Gateway

Re: SRX VIP with Dynamic Public IP

02.17.10   |  
‎02-17-2010 07:40 AM

Because you are actually wanting to answer on the IP that belongs to the interface, there should be no need for the proxy-arp.

-Chris
SRX Services Gateway

Re: SRX VIP with Dynamic Public IP

02.17.10   |  
‎02-17-2010 11:02 AM

Thank you,

 

You are right, I don't need the proxy arp entry and it is working perfectly.

 

Thanks for your help.

 

Richard