Solved

juniper firewall with two separate subnets for public IPs giving me hassle

Posted on 2012-12-20
1
476 Views
Last Modified: 2012-12-20
I have a juniper ssg5 that is giving me some headache.  I was given two public facing blocks of 6 IPs.  
example
1.1.1.1\29
and
2.2.2.1\29

Which I have entered a single IP on the windows IIS server behind it as a public facing IP, forwarded 443 and 80, no problems (this is one from the 1.1.1.1 address).

The second block I put in as virtual IPs on the public NIC on the windows box, and added the first address as a secondary gateway, the ISP instructed me that 2.2.2.1 is my gateway and 2-6 are my usable).  In the firewall, I added the block as a network object and as secondary IP on the trusted connection with he original IP block that is working fine. Then forwarded forwarded 80 and 443.  The last IP, 2.2.2.6 doesn't respond to a ping at all, but 1-5 do. I ran a tracert from my own IP, and it stops right before my firewall, whereas the others get to my firewall and then to my IP.  Then only 2.2.2.4 responds to 443 requests, the others (2, 3, 5, 6) don't respond at all and look like they are closed to 443 from the outside world.  Any ideas?

I don't think it is my firewall setup since it can ping all my addresses, but then th elast usable doesn't work at all.  Then I don't know why it would only work for just one IP in the new block, and half way for the others in IIS.

This is on a standalone IIS box running current updates on Windows 2008 R2.
0
Comment
Question by:tsaico
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 9

Accepted Solution

by:
tsaico earned 0 total points
ID: 38710022
Gack, my own silliness, I had an incorrect MIP that was incorrectly forwarding my requests, killing my port forwarding.  Once removed, it is working correctly.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question