NetScreen 5GT MIPs Shutdown Internet Access!!
Posted on 2004-09-16
Hi guys! I've set up my NetScreen 5GT in dual untrust mode (but I only have my wireless T1 line plugged in) and I have a /28 IP range. I wanted to give a specific computer a permanent IP (my webserver) and also allow access to that server from the outside. Here is how I have it set up:
x.x.15.212 (mapped IP using mask 255.255.255.255) => 192.168.0.11 (using the trust-vr routing) Policies: Allow Any ICMP, DNS, HTTP, HTTPS
x.x.15.213 (mapped IP using mask 255.255.255.255) => 192.168.0.12 (using the trust-vr routing) Policies: Allow Any
The webserver works beautifully, but whenever I map anything else using similar policy configurations, they all of a sudden do not have internet access any more. They can still go around the local area network, but they do not have any access through the firewall. Though if there is no MIP to that specific private IP, the person has internet access, but cannot get people to go to that server. I have also tried just using policies with the Advanced setup to have all IPs sent to x.x.15.213 to be translated by NAT to 192.168.0.12. I use a /16 private IP space and all my computers with DHCP can get to the Internet fine. This is my first time dealing with the NetScreen, and I have no idea why multiple MIPs will not work. Everything looks like it should. Please help!!