[j-nsp] Can we use MIP for outgoing traffic on a different interface
Kamal Dissanayaka
kamalasiri at gmail.com
Mon Jun 7 09:51:14 EDT 2010
Hi,
I have a MIP (z.z.z.z) configured on a interface X.X on zone Untrust for
server y.y.y.y on zone Trust.
config is as bellow
set interface "ethernet x.x" mip z.z.z.z host "y.y.y.y" netmask
255.255.255.255 vr "trust-vr"
set policy id 102 from "Untrust" to "Trust" "Any" "MIP(z.z.z.z)" "ICMP-ANY"
permit log
set policy id 103 from "Trust" to "Untrust" "y.y.y.y" "Any" "ICMP-ANY"
permit log
The outgoing traffic from zone trust to untrust works fine and source
address is translated to MIP (z.z.z.z).
Now I need to use same MIP (z.z.z.z) for outgoing traffic from zone Trust
server y.y.y.y to another zone (DMZ). Is this possible? if it is possible
could you please send me a sample config?
Thanks
Kamal
More information about the juniper-nsp
mailing list