ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

VIP IP Public to ip private remote server cant contacted JUNIPER SSG5

[ Edited ]
a month ago

Hi guys,

i have ip public 103.244.205.25

and then i have ip local : 10.173.1.0/24

and this ip remote : 192.168.2.30

 

between local and remote ip each can ping via ipsec connection. but when i configuring VIP with IP Public 103.244.205.25 and then mapping to IP 192.168.2.30 there is an error " VIP server 192.168.2.30 cannot be contacted "  

 

is there my configuration wrong?

Please your advice

Thanks

4 REPLIES 4
ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

a month ago
Hi,

Can you share your VIP configuration, also are you using “server auto detection” ?


Thanks and Regards
Vikas Singh
ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

a month ago

@vikassingh wrote:
Hi,

Can you share your VIP configuration, also are you using “server auto detection” ?


Thanks and Regards
Vikas Singh

Hi vikas,

yes i use server auto detection

VIP configuration :

SSG51.PNGVIP ConfigurationSSG52.PNGping between ip local and ip remote

 

ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

a month ago
This looks to be due to the service auto detection, which is failing:

Message : VIP server 〈server_IP〉 cannot be contacted.
Meaning: The specified Virtual IP (VIP) server is not respondingto the heartbeatPINGssent by the security device.
Action: Check that the server is powered up, that it isconnected to the network, and that its TCP/IP settings are correct.

Refer old thread about the same : https://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/What-does-quot-Server-auto-detection-quot-o...


Thanks and Regards
Vikas Singh
ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

a month ago

I've never had server auto detect work on anything other than http or https so it is best to just turn off that feature in this case.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home