[j-nsp] ns-50 NAT problem
Gabriel
gabriel at teksavvy.com
Tue Jul 17 10:10:35 EDT 2007
>
> I tried to make the NAT come from either a loopback or another
> sub-interface on the Netscreen, and (when I was using dynamic NAT) it
> always used the egress interface. I couldn't make it do
> anything else.
>
> I'm no expert on ScreenOS, but a colleague of mine who has worked with
> them since almost day one couldn't find a way to make what you want to
> happen either.
>
> Another way around might be to install a second device, such as a
> hardened perimeter router. Do the NAT on the Netscreen on a single
> interface, and have a static default pointing at the perimeter router.
> The router then has your two uplinks connected to it, providing the
> fault tolerance.
>
Thanks, That's what I needed to know.
> I suppose the issue then is, how do you get it to fail over.
> I suppose
> you need to learn routes or defaults from your ISPs.
>
I'm advertising the routes through OSPF and I control the router on the
other end so that's not a problem.
Thanks
-Gabriel
More information about the juniper-nsp
mailing list