Question : How to configure SSG-140 with multiply public IP's on single interface.

Layout:
ISP: WAN block 10.10.50.2/30 gateway 10.10.50.1
ISP: LAN block  10.10.30.2-.6/29 gateway 10.10.30.1

Office:
vlan.1 10.10.11.1
vlan.2 10.10.12.1
vlan.3 10.10.13.1

Policies:
from vlan.1 to untrust any any web(http,https ... )
from vlan.1 to vlan.2 any any any
from vlan.1 to vlan.3 10.10.11.2 10.10.13.1 3000
from vlan.1 to vlan.3 10.10.11.3 10.10.13.1 3000
from vlan.1 to vlan.3 any 10.10.13.2 Email
from vlan.1 to vlan.3 any 10.10.13.2 ssh

from untrust to vlan.2 any 10.10.12.2 4000

from untrust to vlan.3 any 10.10.13.4 4000
from untrust to vlan.3 any 10.10.13.2 Email

Problem is, i am not sure who to configure SSG-140 so i can access from outside 10.10.12.2:4000
i would need to use 10.10.30.2:4000 and to access 10.10.13.4:4000 will need to use 10.10.30.3:4000

Best thing would be if i can have all vlan's with NAT src and NAT dst and with PAT.

Configuring with dip i end up opening ports with vip and using only 10.10.50.2 for access from outside.

Thanks  

Answer : How to configure SSG-140 with multiply public IP's on single interface.

Wan block and you set it up with multi-port VIP.

Yes, if you use MIP that is the case, but you can use VIP which allows you to have different destination port.

http://wiki.xdroop.com/space/Juniper/Netscreen/Multi-port+VIP

Just take a look at the above. For configuration;

http://kb.juniper.net/KB12652

This link above should clarify everything.

Cheers,
rsivanandan
Random Solutions  
 
programming4us programming4us