Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Help with VIP config

    Posted 11-02-2011 04:42

    Hello everyone,

     

    A weak ago I asked how I can forward a port with my SSG20, and the answer was VIP. Now I'm trying to understand how VIP works and how I can get a simple port (3389) get forwarded which isn't working. I followed example three on http://kb.juniper.net/InfoCenter/index?page=content&id=KB12608&smlogin=true which didn't help.

     

    The Juniper's 0/0 port is used for internet (untrusted 192.168.111.0/24) which later will be the adsl1/0 and 0/2 to 0/4 are my local ports (trusted 192.168.113.0/24).Port 0/0 has the IP address 192.168.111.180 and 0/2 - 0/4 has 192.168.113.180.

    I'm trying to forward port 3389 from 192.168.111.180 to 192.168.113.1 which is my other client. I can ping and RDP between them directly,but when I try to RDP to 192.168.111.180 it doesn't redirect me to 113.1. Below are the configurations that I already have done. How can I make this work?

     

     


    #PortForwarding
    #vip
    #SSG20


  • 2.  RE: Help with VIP config
    Best Answer

    Posted 11-02-2011 09:55

    Hi,

     

    A policy based NAT is enabled in the policy containing the VIP. This is not required.

    You should enable logging in the policy. Do you see any policy hits?



  • 3.  RE: Help with VIP config

    Posted 11-03-2011 01:34

    Hello Edouardand thank you for your reply. I know see that I connected to the wrong IP address which is indeed stupid of me. Smiley Indifferent

    Everything works and strangely enough I had it configured well. Now that the basic stuff works I can experiment with it. Smiley Very Happy

    Thank you for your help!