Michael Dale
Recently the company I work for got another subnet to use, let's call it b.b.b.0/24 (and our current one is a.a.a.0/24).
We want to use this subnet to create more VIPs (Virtual IPs).
So we currently have:
a.a.a.2:80 -> 10.0.0.2:80
We wanted to add:
b.b.b.2:80 -> 10.0.0.3:80
Unfortunately trying to do this via the standard method fails with this error:
With the help of the juniperforum website a way was worked out.
Steps:
1) Make sure the new subnet is routed to your netscreen (in this case to our untrust int)
2) Create a new policy from UNTRUST to UNTRUST (yes this is not a mistake) with the following details:
Source Address: ANY
Destination Address: The external IP address you want to use i.e b.b.b.2
Service: The service you want
Under the advanced settings:
Enable Destination Translation
Translate to IP 10.0.0.3
3) To create more services to the IP address simply add another policy with the "Service" and "Translate to IP" details changed.
Note: This method mostly acts like a normal VIP. The only thing to look out for is that requests from the TRUST zone won't be translated.
More details can be found in the forum thread
here.