Juniper 5GT - Firmware 5.0.0r8.1 (Firewall + VPN)
We have 2 servers with 2 network connections each, with 1 used as the dedicated IP address for the server and the other for use by NLB.
10.0.0.11 (Used for NLB)
10.0.0.13 (Used for NLB)
NLB shared cluster IP address is 10.0.0.14.
Our goal is to set up a new website with IP address, say, A.B.C.E. So we want the traffic for our new website to be routed from the firewall to 10.0.0.14. Right now the untrust interface is bound to 1 of our 13 public IP addresses; let's call it A.B.C.D. This interface already has a bunch of VIP services set up for use by our other website that's been in place for years now, so if I added another VIP service to that VIP it would cause a conflict b/c they both would be trying to use the same service (HTTPS). It would be great if I could just create another VIP for use by the new public IP address (A.B.C.E), but I've tried that and researched and I don't think it's possible.
So that leads me to MIP. I set up the firewall with a MIP created within the untrust interface to map A.B.C.E to 10.0.0.14. Then I created a policy for source "Any" to destination "MIP(A.B.C.E)" with service HTTP. It doesn't work. I get a "page cannot be displayed" error message when attempting to hit the site. However, it does work perfectly when I change the MIP to map to 10.0.0.10, 10.0.0.11, 10.0.0.12, or 10.0.0.13.
When I have the MIP mapped to 10.0.0.14 and I turn on logging for that policy this is what I get:
Bytes Sent 206 but Bytes Received as 0. See attached file for more detail.
What could be causing the Bytes Received to be 0?