Configuring MIP on Netscreen / Juniper NS25
Posted on 2008-06-26
I really need some help setting up a MIP for 2 IP addresses (one for our mail server and another for our SSL VPN, can't put it into a DMZ at the moment). This is on an NS25 running 5.0.0r6.0. Unfortunately I am out of maintenance, so I can't upgrade the software on it.
On this NS25 - three interfaces are active.
E1 - Trusted - 172.16.x.x (NAT mode)
E2 - Untrusted 10.29.x.2 (Route mode)
E3 - Untrusted 10.31.x.2 (Route mode)
Default gateway 10.31.x.1 (Cisco router)
This is set up as follows: I have one interface on the Cisco router (I don't administer that) which has dual IP addresses (10.29.x.1 and 10.31.x.1) and which goes into a separate switch. Both untrusted interfaces from the NS25 go into this switch, and the trusted interface goes into our LAN switch.
I need to set up a MIP for 10.31.x.5 -> 172.16.x.19 (SSL VPN) and 10.29.x.5 -> 172.16.x.9 (email)
Here's what I did for the mail server, went into the Interface for E2 > MIP > New:
I then set up a Policy. Untrust > Trust > New - Source IP - ANY, Dest IP > MIP 10.29.x.6 Service : MAIL (Tried ANY also just out of interest) - logging on.
Did the same for the other MIP 10.31.x.5 on E3 Interface.
Policy = Untrust > Trust > New - Source IP - ANY, Dest IP > MIP 10.31.x.6 Service : HTTP/HTTPS
Both MIPs fail to work and I have no idea why. Nothing is logged, and regular internet access is working fine; I just don't know how to get this inbound traffic working. I am very new to Netscreen / Juniper firewalls, so I would really appreciate an expert's help :)
Thanks in advance. Wish I could offer more points than 250 but that's all I have!