• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1137
  • Last Modified:

ssg20 adsl0/1 set up with two external IP addresses

Hi
We am new to Juniper and we have an SSG-20. We have been trying to setup the ADSL on this system.

We are running a server with Small Business Server 2003 on which includes MS-Exchange, the server has 2 network cards which one is the LAN and the other is for the WAN Access, the LAN is using an internal IP address range of 10.0.0.1/24

Our WAN network card on the server is : IP address 81.x.x.62 with a subnet mask of 255.255.255.252 and the default gateway as the SSG-20  (internal) IP address of 10.0.0.70

The adsl 0/1 has an external IP address of 81.x.x.61

Our ISP issued us with 2 ip addresses which on my previous router I could connect to one ip address to the router and the other we could use Remote Desktop Connection to connect to the server.

We have our emails directed to IP address 81.x.x.62 (which is the WAN Network Card address on the server) but currently can not receive email, although I can send them out.

We currently have the LAN and the WAN Network card connect to the SSG-20 in to ethernet ports 0/2 and 0/3 which are assigned to bgroup0

We need a urgent help on this subject as we can not see where we are going wrong.

Many thanks

0
MahargNala
Asked:
MahargNala
  • 2
  • 2
  • 2
2 Solutions
 
Sanga CollinsSystems AdminCommented:
im not a big fan of using SBS with the dual NIC configuration it forces all network traffic to route through the server which can have mixed results depending on the health and performance of the server itself. Now that you have introduced a juniper into your network you may want to retire the dual NIC configuration.

unless there is a specific reason why you need two nics on the server, this is what you should do.

first disbale the dual NIC config
on the juniper WAN port, configure your ip information from the ISP.(the ip that was connected to your router)
on the juniper LAN port configure the IP address information for you private network (10.0.0.1/24)
plug the switch where your server and all your workstations are connected into the LAN port of the juniper.
on the juniper configure a MIP (mapped IP) to map the second public ip from your ISP to the private IP of your server.
then finally create a policy to allow traffic from the WAN to the configured MIP and allow RDP and SMTP services.

this is a basci overview on how i've done it at serveral of my remote offices. if you need details on any specific step just let us know




0
 
MahargNalaAuthor Commented:
Hi thanks for the reply, I take it that we need to add the MIP to the adsl0/1 port?
0
 
deimarkCommented:
I echo sangamc here, get rid of the dual NIC on the SBS.

And yes, add the MIP to the ADSL port

Points to note here tho, is the specific policies to be created for the SBS server.

From untrust to trust any src > MIP address smtp/RDP permit log

If you dont specify the MIP as the destination, things will not work
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
Sanga CollinsSystems AdminCommented:
deimark again!!!!

i thought i was the only one who likes juniper devices on EE, good to know that there are others.
0
 
deimarkCommented:
Apologies sangamc,didn't mean to steal your thunder. :P  Just trying to help :)

DM
0
 
MahargNalaAuthor Commented:
Hi Sangamc & Deimark

Thanks for your assitance it worked!

You will see I have allocated the points 480/20 I hope this is acceptable

Thanks again MahargNala
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now