ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

VIP IP Public to ip private remote server cant contacted JUNIPER SSG5

[ Edited ]
‎05-19-2019 10:49 PM

Hi guys,

i have ip public 103.244.205.25

and then i have ip local : 10.173.1.0/24

and this ip remote : 192.168.2.30

 

between local and remote ip each can ping via ipsec connection. but when i configuring VIP with IP Public 103.244.205.25 and then mapping to IP 192.168.2.30 there is an error " VIP server 192.168.2.30 cannot be contacted "  

 

is there my configuration wrong?

Please your advice

Thanks

4 REPLIES 4
ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

‎05-19-2019 11:00 PM
Hi,

Can you share your VIP configuration, also are you using “server auto detection” ?


Thanks and Regards
Vikas Singh
ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

‎05-19-2019 11:32 PM

@vikassingh wrote:
Hi,

Can you share your VIP configuration, also are you using “server auto detection” ?


Thanks and Regards
Vikas Singh

Hi vikas,

yes i use server auto detection

VIP configuration :

SSG51.PNGVIP ConfigurationSSG52.PNGping between ip local and ip remote

 

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

‎05-19-2019 11:39 PM
This looks to be due to the service auto detection, which is failing:

Message : VIP server 〈server_IP〉 cannot be contacted.
Meaning: The specified Virtual IP (VIP) server is not respondingto the heartbeatPINGssent by the security device.
Action: Check that the server is powered up, that it isconnected to the network, and that its TCP/IP settings are correct.

Refer old thread about the same : https://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/What-does-quot-Server-auto-detection-quot-o...


Thanks and Regards
Vikas Singh
ScreenOS Firewalls (NOT SRX)

Re: VIP IP Public to ip private remote server cant contacted

‎05-20-2019 03:02 AM

I've never had server auto detect work on anything other than http or https so it is best to just turn off that feature in this case.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home