Virtual IP (Virtual IP Address)
In JUNOS ScreenOS, a VIP maps one external IP address and port to multiple IP addresses and ports. It can also translate an external port to different internal ports. VIP addresses map traffic received at one IP address to another address based on the destination port number in the TCP or UDP segment. If you have only one public IP address available and want to host multiple servers, VIP comes into play: it meets the need to reach multiple private IP addresses through one public IP address. VIP is also called port forwarding.
In contrast to VIP, an MIP must be used when we have multiple public IP addresses and want to map a single server to a single public IP.
Example Scenario of VIP as Port Forwarding
The scenario below will help in understanding the concept of VIP and its configuration:
The customer has a secured setup at the HUB site and wants its mobile users over the Internet to access the Web Server, Mail Server, and FTP Server for business-related work. The NetScreen box at the HUB site will use the following NAT (VIP) approach so that requests for HTTP, FTP, or SMTP land on the same Global IP but are translated to a Local IP address based on the destination port.
- An HTTP packet destined for 11.11.11.1:80 (that is, IP address 11.11.11.1 and port 80) gets mapped to a web server at 12.1.1.12.
- An FTP packet destined for 11.11.11.1:21 gets mapped to an FTP server at 12.1.1.13.
- An SMTP packet destined for 11.11.11.1:25 gets mapped to a mail server at 12.1.1.14.
- The destination IP addresses are the same. The destination port numbers determine the host to which the security device forwards traffic.
Virtual IP Forwarding Table
Note – The configuration below is carried out only for the Web Server mapping 11.11.11.1:80 –> 12.1.1.12. Translations for FTP and SMTP can be created by using the Web Server VIP configuration as a reference.
WebUI Configuration on ScreenOS
1. INTERFACES
Zone Name: Trust
Static IP: (select this option when present)
IP Address/Netmask: 12.1.1.1/24
Select the following, then click OK:
Interface Mode: NAT
Network > Interfaces > Edit (for ethernet3): Enter the following, then click OK:
Zone Name: Untrust
Static IP: (select this option when present)
IP Address/Netmask: 11.11.11.11/24
2. VIP
Network > Interfaces > Edit (for ethernet3) > VIP: Enter the following
address, then click Add:
Virtual IP Address: 11.11.11.1
Network > Interfaces > Edit (for ethernet3) > VIP > New VIP Service: Enter
the following, then click OK:
Virtual IP: 11.11.11.1
Virtual Port: 80
Map to Service: HTTP (80)
Map to IP: 12.1.1.12
3. POLICY
Policies > (From: Untrust, To: Trust) New: Enter the following, then click OK
Source Address:
Address Book Entry: (select), ANY
Destination Address:
Address Book Entry: (select), VIP(11.11.11.1)
Service: HTTP
Action: Permit
CLI Configuration on ScreenOS
1. INTERFACES
set interface ethernet1 zone trust
set interface ethernet1 ip 12.1.1.1/24
set interface ethernet1 nat
set interface ethernet3 zone untrust
set interface ethernet3 ip 11.11.11.11/24
2. VIP
set interface ethernet3 vip 11.11.11.1 80 http 12.1.1.12
3. POLICY
set policy from untrust to trust any vip(11.11.11.1) http permit
save
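The port-based lookup described in the scenario, together with a review check for the resulting exposure, as an added example that is not part of the original article or of Juniper's tooling. It assumes the simple `set` line format shown on this page (not quoted `get config` output), ignores policy ordering, and the FTP and SMTP lines in the sample are constructed by analogy, with `mail` assumed as the service name for SMTP.

```python
import re

# Constructed sample: the page's HTTP mapping plus FTP/SMTP lines written by
# analogy (assumption: "mail" is the service name used for SMTP on port 25).
SAMPLE_CONFIG = """\
set interface ethernet3 vip 11.11.11.1 80 http 12.1.1.12
set interface ethernet3 vip 11.11.11.1 21 ftp 12.1.1.13
set interface ethernet3 vip 11.11.11.1 25 mail 12.1.1.14
set policy from untrust to trust any vip(11.11.11.1) http permit
set policy from untrust to trust any vip(11.11.11.1) ftp permit
"""

VIP_RE = re.compile(r"^set interface (\S+) vip (\S+) (\d+) (\S+) (\S+)$", re.I)
POLICY_RE = re.compile(
    r"^set policy from (\S+) to (\S+) (\S+) vip\(([^)]+)\) (\S+) (permit|deny)$", re.I)

def parse(config):
    """Return (vip_table, policies) from 'set' lines in the page's format."""
    vips, policies = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := VIP_RE.match(line):
            _iface, vip, port, service, host = m.groups()
            vips[(vip, int(port))] = (service.lower(), host)
        elif m := POLICY_RE.match(line):
            _src_zone, _dst_zone, src, vip, service, action = m.groups()
            policies.append((src.lower(), vip, service.lower(), action.lower()))
    return vips, policies

def resolve(vips, policies, dst_ip, dst_port):
    """Internal host for a packet, or None if unmapped or not permitted."""
    entry = vips.get((dst_ip, dst_port))
    if entry is None:
        return None
    service, host = entry
    permitted = any(v == dst_ip and svc == service and act == "permit"
                    for _src, v, svc, act in policies)
    return host if permitted else None

def audit(vips, policies):
    """Flag mappings that no policy permits and mappings open to any source."""
    findings = []
    for (vip, port), (service, host) in sorted(vips.items()):
        sources = [s for s, v, svc, act in policies
                   if v == vip and svc == service and act == "permit"]
        if not sources:
            findings.append(f"{vip}:{port} -> {host} ({service}): no permit policy")
        elif "any" in sources:
            findings.append(f"{vip}:{port} -> {host} ({service}): open to any source")
    return findings
```

Calling `audit(*parse(SAMPLE_CONFIG))` lists each VIP service with the reason it was flagged, which makes it easy to spot a mapping that was added without a policy or one that is reachable from any source address.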