Question : How to configure SSG-140 with multiply public IP's on single interface.

Layout:
ISP: WAN block 10.10.50.2/30 gateway 10.10.50.1
ISP: LAN block 10.10.30.2-.6/29 gateway 10.10.30.1

Office:
vlan.1 10.10.11.1
vlan.2 10.10.12.1
vlan.3 10.10.13.1

Policies:
from vlan.1 to untrust any any web(http,https ... )
from vlan.1 to vlan.2 any any any
from vlan.1 to vlan.3 10.10.11.2 10.10.13.1 3000
from vlan.1 to vlan.3 10.10.11.3 10.10.13.1 3000
from vlan.1 to vlan.3 any 10.10.13.2 Email
from vlan.1 to vlan.3 any 10.10.13.2 ssh

from untrust to vlan.2 any 10.10.12.2 4000

from untrust to vlan.3 any 10.10.13.4 4000
from untrust to vlan.3 any 10.10.13.2 Email

Problem is, i am not sure who to configure SSG-140 so i can access from outside 10.10.12.2:4000
i would need to use 10.10.30.2:4000 and to access 10.10.13.4:4000 will need to use 10.10.30.3:4000

Best thing would be if i can have all vlan's with NAT src and NAT dst and with PAT.

Configuring with dip i end up opening ports with vip and using only 10.10.50.2 for access from outside.

Thanks

Answer : How to configure SSG-140 with multiply public IP's on single interface.

Wan block and you set it up with multi-port VIP.

Yes, if you use MIP that is the case, but you can use VIP which allows you to have different destination port.

http://wiki.xdroop.com/space/Juniper/Netscreen/Multi-port+VIP

Just take a look at the above. For configuration;

http://kb.juniper.net/KB12652

This link above should clarify everything.

Cheers,
rsivanandan

Random Solutions

counts records in a query

Registering mscal.ocx

Coldfusion upload files problem

How do I edit a Navigation Menu Created in JavaScript?

DB Owner right is missing but I can't find which database it is

CCTV Over IP Telephony

Output XML from SQL

C# How can I dynamically create an object that is not referenced in the project.

Query Event Log