Categories

Bluetrait
        Bluetrait
                Bluetrait
                    Coding
                    Geek
                    General
                    Videos
                    Solar
                    Coding
                    Geek
                    General
                    Coding
                        PHP
                        Bluetrait
                        PHP
                        Bluetrait
                        WordPress
                            Plugins
                        PHP
                        Bluetrait (Program)
                    Geek
                        Juniper
                        Cisco
                        IBM N2200 8363
                        PCs
                        Spam
                        IPv6
                        Apple
                        NetScreen
                        Internet
                    General
                        Uni

Mon, 19 Nov 2007 10:15 AM

Creating a VIP in a different subnet

Michael Dale
Recently the company I work for got another subnet to use, let's call it b.b.b.0/24 (and our current one is a.a.a.0/24). We want to use this subnet to create more VIPs (Virtual IPs). So we currently have: a.a.a.2:80 -> 10.0.0.2:80 We wanted to add: b.b.b.2:80 -> 10.0.0.3:80 Unfortunately trying to do this via the standard method fails with this error: VIP error With the help of the juniperforum website a way was worked out. Steps: 1) Make sure the new subnet is routed to your netscreen (in this case to our untrust int) untrust untrust policy 2) Create a new policy from UNTRUST to UNTRUST (yes this is not a mistake) with the following details: Source Address: ANY Destination Address: The external IP address you want to use i.e b.b.b.2 Service: The service you want Under the advanced settings: Enable Destination Translation Translate to IP 10.0.0.3 policyuntrust untrust policy 3) To create more services to the IP address simply add another policy with the "Service" and "Translate to IP" details changed. Note: This method mostly acts like a normal VIP. The only thing to look out for is that requests from the TRUST zone won't be translated. More details can be found in the forum thread here.

Comments

Comments?

HTML allowed: <a href="" title="" rel=""></a> <b></b> <blockquote cite=""></blockquote> <em></em> <i></i> <strike></strike> <strong></strong> <li></li> <ol></ol> <ul></ul>
ie: <b>bold</b>

Your comment may need to be reviewed before it is published.

Message

Name

Email (not shown)

WWW (optional)

Allow contact form email

Remember details