ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP

2 weeks ago

Hello Experts:

 

Have an SSG5, I am currently connected to an Internet link of my ISP with dynamic IP at the ETH 0/0 interface and when checking in the interface list I see that it obtains a private IP (172.16.1.81) that my ISP gives me.

 

When I enter the website whatismyip.com I can see the public ip (207.248.52.50).

 

The problem I have is that when I configure DDNS with dyndns it connects and associates with my host on the dyndns page, but it is associated with the private ip of my ISP (172.16.1.81) and not with the public ip, therefore The name host.dyndns.org cannot be seen from the outside because it is linked to an internal IP, and it does not allow me to do remote administration or generate VPN.

 

Can this be fixed from some configuration from my juniper SSG5?

 

regards

4 REPLIES 4
ScreenOS Firewalls (NOT SRX)

Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP

2 weeks ago

Good day,

 

Are you following this KB?

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB4582&cat=DNS&actp=LIST

 

I am not sure if this applies, but it seems you can hardcode the server.

 

Regards,

Rommel Izquierdo T.

ScreenOS Firewalls (NOT SRX)
Solution
Accepted by topic author Jasonet
2 weeks ago

Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP

2 weeks ago

Unfortunately there is nothing the SSG can do to change its behavior.  The SSG and client only knows the address that the ISP gave the SSG so that is all it can report to DynDNS.

 

In this case your carrier is saving ip space by doing the NAT for many customers upstream of your physical device.  So the SSG has no idea what the address is.

 

You will need to install a client software on a computer that reaches out to DynDNS to update the address so it goes through your ISP NAT to report the correct public address.

 

Also it is possible that the upstream NAT will prevent inbound connections to your SSG.  This is an option on carrier grade NAT systems in configuration.  

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
ScreenOS Firewalls (NOT SRX)

Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP

2 weeks ago

I did exactly this without change in the IP, however I was clarified that the problem is on the side of the ISP I really appreciate the attention and response

ScreenOS Firewalls (NOT SRX)

Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP

2 weeks ago

Thanks spulka, it's clear to me I will review this with my ISP