juniper firewall with two separate subnets for public IPs giving me hassle
Posted on 2012-12-20
I have a juniper ssg5 that is giving me some headache. I was given two public facing blocks of 6 IPs.
Which I have entered a single IP on the windows IIS server behind it as a public facing IP, forwarded 443 and 80, no problems (this is one from the 220.127.116.11 address).
The second block I put in as virtual IPs on the public NIC on the windows box, and added the first address as a secondary gateway, the ISP instructed me that 18.104.22.168 is my gateway and 2-6 are my usable). In the firewall, I added the block as a network object and as secondary IP on the trusted connection with he original IP block that is working fine. Then forwarded forwarded 80 and 443. The last IP, 22.214.171.124 doesn't respond to a ping at all, but 1-5 do. I ran a tracert from my own IP, and it stops right before my firewall, whereas the others get to my firewall and then to my IP. Then only 126.96.36.199 responds to 443 requests, the others (2, 3, 5, 6) don't respond at all and look like they are closed to 443 from the outside world. Any ideas?
I don't think it is my firewall setup since it can ping all my addresses, but then th elast usable doesn't work at all. Then I don't know why it would only work for just one IP in the new block, and half way for the others in IIS.
This is on a standalone IIS box running current updates on Windows 2008 R2.