NetScreen 5GT MIPs Shutdown Internet Access!!

Posted on 2004-09-16
Medium Priority
Last Modified: 2008-01-09
Hi guys! Ive setup my netscreen 5gt in a dualt untrust mode (but I only have my wireless T1 line plugged in) and I have a /28 Ip Range.  I wanted to give specific computer a permanent IP (My webserver) and also allow access to that server from the outside. Here is how I have it setup:
x.x.15.212 (mapped ip using mask => (using the trust-vr routing) Policies: Allow Any ICMP, DNS, HTTP, HTTPS
Test Computer:
 x.x.15.213 (mapped ip using mask => (using the trust-vr routing) Policies: Allow Any

The webserver works beautifully, but whenever I map anything else using similar policy configurations they all of a sudden do not have internet access any more. They can still go around the local area network, but they do not have any access throught the firewall. Thought if there is no MIP to that specific private IP the person has internet access, but cannot get people to go to that server. I have also tried just using policies with the Advanced setup to have all IPs sent to x.x.15.213 to be translated by NAT to  I use a /16 private IP space and all my computers with DHCP can get to the Internet fine. This is my first time dealing with the netscreen, and I have no idea why multiple MIPs will not work. Everything looks like it should. Please help!!
Question by:cohortq

Author Comment

ID: 12115067
I have found the answer!! I was reassigning IPs that were in use prior to me mapping them. They would not work because the ARP cache of the Router and netscreen still showed them mapped to a specified adapter.  By clearing the ARP cache of both the perimeter router and the netscreen I was able to get these mapped IPs to work. YAY!!

Accepted Solution

PAQ_Man earned 0 total points
ID: 13570896
Question Closed, 500 points refunded.
Community Support Moderator

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question