ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

VIP over MPLS link?

[ Edited ]
11.09.11   |  
‎11-09-2011 06:55 PM

It is possible to map the public ip 11.11.11.11/24 to the server ip 192.168.10.10? So that public user able to access the server from internet.

 

Attachments

5 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: VIP over MPLS link?

11.10.11   |  
‎11-10-2011 04:07 AM

I've not used the serial interface wan before.  I assume you are saying that the vip option is not showing up on that interface.

 

Try using destination nat (nat-dst) instead.  This is the selection kb for choosing the right method.

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB11910

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
ScreenOS Firewalls (NOT SRX)

Re: VIP over MPLS link?

11.10.11   |  
‎11-10-2011 04:37 AM

No, the vip option is showing up, but i could not access from internet to that server.

ScreenOS Firewalls (NOT SRX)

Re: VIP over MPLS link?

11.10.11   |  
‎11-10-2011 04:45 AM

Did you also create the policy using the vip to allow the traffic?

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB4740

 

Or are you using the same ip address as the interface?  That is not supported for vip on all platforms.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
ScreenOS Firewalls (NOT SRX)

Re: VIP over MPLS link?

11.10.11   |  
‎11-10-2011 04:53 AM

yes, i did create the policy to allow untrust to that vip, i got other vip running on the same interface, all other vip is working (but the ip is not mapping over mpls, only internet server).

ScreenOS Firewalls (NOT SRX)

Re: VIP over MPLS link?

11.10.11   |  
‎11-10-2011 07:06 AM

Confirm that the services work on the local LAN.  And cross check the configuration against the working one.

 

Run the tests for the vip in kb5545 and see if these help in the issue.

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB5545

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home