Solved

juniper firewall with two separate subnets for public IPs giving me hassle

Posted on 2012-12-20
1
471 Views
Last Modified: 2012-12-20
I have a juniper ssg5 that is giving me some headache.  I was given two public facing blocks of 6 IPs.  
example
1.1.1.1\29
and
2.2.2.1\29

Which I have entered a single IP on the windows IIS server behind it as a public facing IP, forwarded 443 and 80, no problems (this is one from the 1.1.1.1 address).

The second block I put in as virtual IPs on the public NIC on the windows box, and added the first address as a secondary gateway, the ISP instructed me that 2.2.2.1 is my gateway and 2-6 are my usable).  In the firewall, I added the block as a network object and as secondary IP on the trusted connection with he original IP block that is working fine. Then forwarded forwarded 80 and 443.  The last IP, 2.2.2.6 doesn't respond to a ping at all, but 1-5 do. I ran a tracert from my own IP, and it stops right before my firewall, whereas the others get to my firewall and then to my IP.  Then only 2.2.2.4 responds to 443 requests, the others (2, 3, 5, 6) don't respond at all and look like they are closed to 443 from the outside world.  Any ideas?

I don't think it is my firewall setup since it can ping all my addresses, but then th elast usable doesn't work at all.  Then I don't know why it would only work for just one IP in the new block, and half way for the others in IIS.

This is on a standalone IIS box running current updates on Windows 2008 R2.
0
Comment
Question by:tsaico
1 Comment
 
LVL 9

Accepted Solution

by:
tsaico earned 0 total points
ID: 38710022
Gack, my own silliness, I had an incorrect MIP that was incorrectly forwarding my requests, killing my port forwarding.  Once removed, it is working correctly.
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now