Screen OS

  • 1.  Untrust interface with secondary IP

    Posted 07-14-2010 13:16

    Hi all,

    I have an NS25 with ScreenOS 5.4.

    On my untrust interface with IP 2.2.2.2/29 I put a secondary IP:

        set interface loopback.1 ip 3.3.3.3/26

    I NAT this secondary IP to my internal net:

        set interface "loopback.1" mip 3.3.3.4 host 192.168.1.35 netmask 255.255.255.255 vr "trust-vr"

    I can access my internal server via 3.3.3.4 - all is fine.

    But when I make connections from my internal server, my outgoing IP address is 2.2.2.2 - is it possible to change this IP to 3.3.3.4?

    Thanks!



  • 2.  RE: Untrust interface with secondary IP
    Best Answer

    Posted 07-14-2010 14:06

    Is using a secondary IP necessary for you?

    Why not create the MIP on the untrust interface instead of on the loopback:

        set interface "your untrust int" mip 3.3.3.4 host 192.168.1.35 netmask 255.255.255.255 vr "trust-vr"



  • 3.  RE: Untrust interface with secondary IP

    Posted 07-14-2010 14:36

     

    If using the Loopback is necessary , try to put the interface as a memeber of that loopback

     

     

    Network > Interfaces > Edit (for yout untrust interface 😞

    As member of loopback group: loopback.1

    Zone Name: untrust

    .....................................

    .....................................



  • 4.  RE: Untrust interface with secondary IP

    Posted 07-14-2010 21:30

    Hi SSHSSH,

    thanks, that is what I need.



  • 5.  RE: Untrust interface with secondary IP

    Posted 07-14-2010 23:57

    Hi,

    All outgoing connections that are currently src-NATted to 2.2.2.2 ("Use interface" option for src NAT, also interface-based NAT) will be src-NATted to 3.3.3.3 as soon as the Untrust interface has been added to the loopback group. If that is not acceptable for you, the first solution with no loopback would be better.

    You can also create a DIP 3.3.3.4 in the extended subnet and use policy-based NAT instead of MIPs, both for src- and dst-NAT. Policy-based NAT is much more flexible.

    Kind regards,

    Edouard
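    The DIP-plus-policy-based-NAT alternative that Edouard mentions, written out as an added example for readers of this thread. This is not configuration posted by anyone in the thread and not taken from Juniper documentation; it assumes the untrust interface is named ethernet3 (hypothetical), that the address-book names are free to choose, and that the upstream router already forwards 3.3.3.0/26 toward the firewall:

```text
# Added example, not from the thread. Assumes untrust interface = ethernet3
# (hypothetical name) with its primary address 2.2.2.2/29 already set.

# Put the extended subnet 3.3.3.0/26 on the untrust interface and define
# DIP pool 5 holding the single address 3.3.3.4. A one-address pool does
# source NAT with port translation, so many internal hosts can share it.
set interface ethernet3 ext ip 3.3.3.0/26 dip 5 3.3.3.4 3.3.3.4

# Address-book entries (names are assumptions, not ScreenOS defaults).
set address trust "srv-192.168.1.35" 192.168.1.35 255.255.255.255
set address untrust "pub-3.3.3.4" 3.3.3.4 255.255.255.255

# Outbound: only this server's traffic is source-NATted to 3.3.3.4; every
# other trust-to-untrust flow keeps whatever NAT it had (e.g. 2.2.2.2).
set policy from trust to untrust "srv-192.168.1.35" any any nat src dip-id 5 permit

# Inbound: traffic to 3.3.3.4 is destination-NATted to the server. Replace
# the "any" service with the service(s) the server actually exposes.
set policy from untrust to trust any "pub-3.3.3.4" any nat dst ip 192.168.1.35 permit
```

    The point of the policy-based form, compared with attaching the untrust interface to the loopback group, is scope: the source-NAT address is chosen per policy, so the server gets 3.3.3.4 while the rest of the network is not silently moved off 2.2.2.2. Check the result with "get session" on a test connection from the server, and keep the inbound policy's service list as narrow as possible, since a policy that permits "any" to the translated address exposes every port on 192.168.1.35.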



  • 6.  RE: Untrust interface with secondary IP

    Posted 07-16-2010 00:01

    Hi,

    I removed the loopback interface, created the MIP with the new IP addresses on the untrust interface, and all is working fine.

    Thanks.