Juniper Netscreen: Port forwarding for several IP addresses

Hi there,

I want to configure a Netscreen 5GT for a /28 IP subnet. The netscreen should accept all IP adresse of the subnet and should forward different ports to internal IP adresses. Here is my idea: I configure the untrust interface with the subnet, e.g. 208.200.1.0/28, the untrust interface of the Netscreen should use 208.200.1.1. Now the IP adresse 208.200.1.2 till 208.200.1.14 should also accepted by the Netscreen. Is it porssible to use VIP for forwarding the same port to different internal IP addresses? What I want to do is: Port 80 of IP 208.200.1.2 should be forwarded to the internal 192.168.1.2, Port 80 of IP 208.200.1.3 should be forwarded to the internal IP 192.168.1.3 and so on. address. Could anyone tell me if my idea is right and should work the way I want?

Thank you!

Reply to
J. Schroeder
Loading thread data ...

Hi,

I believe since you want to create static internal/external address pairs, and access the same ports on them, VIP won't work. In this case you have to use MIP.

Greetings

Ingmar

J. Schroeder schrieb:

Reply to
Ingmar Schmidt

Yes but when using MIPs you cannot direct different ports to different internal hosts, a MIP maps an external public IP to an internal IP and does not inspect Layer 4 to direct different traffic types to internal hosts. It is a one to one mapping.

Reply to
VeeDub

Hi,

thank you. But if MIP does not work for that purpose, how can I redirect different ports of external IP addresses to internal IP addresses?

Regards, Johnny

VeeDub schrieb:

Reply to
J. Schroeder

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.