Bluetrait (Program)
                IBM N2200 8363

Mon, 19 Nov 2007 10:15 AM

Creating a VIP in a different subnet

Michael Dale
Recently the company I work for got another subnet to use, let's call it b.b.b.0/24 (and our current one is a.a.a.0/24). We want to use this subnet to create more VIPs (Virtual IPs). So we currently have: a.a.a.2:80 -> We wanted to add: b.b.b.2:80 -> Unfortunately trying to do this via the standard method fails with this error: VIP error With the help of the juniperforum website a way was worked out. Steps: 1) Make sure the new subnet is routed to your netscreen (in this case to our untrust int) untrust untrust policy 2) Create a new policy from UNTRUST to UNTRUST (yes this is not a mistake) with the following details: Source Address: ANY Destination Address: The external IP address you want to use i.e b.b.b.2 Service: The service you want Under the advanced settings: Enable Destination Translation Translate to IP policyuntrust untrust policy 3) To create more services to the IP address simply add another policy with the "Service" and "Translate to IP" details changed. Note: This method mostly acts like a normal VIP. The only thing to look out for is that requests from the TRUST zone won't be translated. More details can be found in the forum thread here.



HTML allowed: <a href="" title="" rel=""></a> <b></b> <blockquote cite=""></blockquote> <em></em> <i></i> <strike></strike> <strong></strong> <li></li> <ol></ol> <ul></ul>
ie: <b>bold</b>

Your comment may need to be reviewed before it is published.



Email (not shown)

WWW (optional)

Allow contact form email

Remember details