Mapping two internal IPs to one public


Mapping two internal IPs to one public

by jeffbreck

I am new to netscreen firewalls.  Need some advice.

We have two Citrix servers.  How do I perform this on the netscreen so one public IP maps to both private IPs for internal and external?  Should I use DIP and how to ensure this mapping sticks for users so their sessions use only one or the other server?

Thanks,

Jeff

Re: Mapping two internal IPs to one public

by pkc_mls

jeffbreck wrote:
> I am new to netscreen firewalls.  Need some advice.
>
> We have two Citrix servers.  How do I perform this on the netscreen so one
> public IP maps to both private IPs for internal and external?  Should I use
> DIP and how to ensure this mapping sticks for users so their sessions use
> only one or the other server?
>
>  
You can use policy-based NAT-dst for this.
This can be set in the advanced options of your rules.
> Thanks,
>
> Jeff
>  


_______________________________________________
nn mailing list
nn@...
http://www.compsoc.com/cgi-bin/mailman/listinfo/nn

Re: Mapping two internal IPs to one public

by Greg Conroy

The easiest way is to make a MIP (Mapped In IP), depending on the
firewall you are limited to the number of MIPS that can be configured
based on model.


SSG5         300MIPs
NS25/50    500MIPs
SSG140     1,000MIP's


Greg



pkc_mls wrote:

> jeffbreck wrote:
>  
>> I am new to netscreen firewalls.  Need some advice.
>>
>> We have two Citrix servers.  How do I perform this on the netscreen so one
>> public IP maps to both private IPs for internal and external?  Should I use
>> DIP and how to ensure this mapping sticks for users so their sessions use
>> only one or the other server?
>>
>>  
>>    
> you can use policy based nat dst for this.
> this can be set in the advanced options of your rules.
>  
>> Thanks,
>>
>> Jeff
>>  
>>    
>
>
> _______________________________________________
> nn mailing list
> nn@...
> http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
>
>  


Re: Mapping two internal IPs to one public

by Charles Robinson

On May 15, 2008, at 6:28, Greg Conroy wrote:

> The easiest way is to make a MIP (Mapped In IP) , depending on the
> firewall you are limited to the number of MIPS that can be configured
> based on model.
>
>
> SSG5         300MIPs
> NS25/50    500MIPs
> SSG140     1,000MIP's
>

MIPs, though, have a one-to-one relationship between the internal and  
external IPs.

The original poster was asking for how to map ONE external IP to TWO  
internals.

Assuming there are different port ranges being reached on each server  
(hmmm.... that would be odd for a Citrix server) he could use VIPs.    
But really the answer would be to get more public IPs and use MIPS to  
have that one-to-one relationship between the external and internal  
addresses.  Much easier to deal with.

  -Charles

--
Charles Robinson - charlesr@...
Minneapolis, MN
http://charles.robinsontwins.org
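
The distinction drawn in the message above (a MIP ties one public IP to one internal host, a VIP splits one public IP by port) can be checked against a planned mapping list before touching the firewall. This is an added example, not part of the original post; the addresses are constructed, TCP 1494 for Citrix ICA is an assumption about the servers in question, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample plan: (public_ip, dst_port, internal_ip).
# 203.0.113.0/24 is a documentation range; 1494 is assumed to be Citrix ICA.
SAMPLE_PLAN = [
    ("203.0.113.10", 1494, "10.0.0.11"),  # Citrix server A
    ("203.0.113.10", 1494, "10.0.0.12"),  # Citrix server B, same IP and port
    ("203.0.113.20", 80, "10.0.0.21"),    # web server
    ("203.0.113.20", 25, "10.0.0.22"),    # mail server, different port
    ("203.0.113.30", 1494, "10.0.0.31"),  # single host, two services
    ("203.0.113.30", 443, "10.0.0.31"),
]


def group_plan(plan):
    """Return {public_ip: {port: set(internal_ips)}}."""
    grouped = defaultdict(lambda: defaultdict(set))
    for public_ip, port, internal_ip in plan:
        grouped[public_ip][port].add(internal_ip)
    return grouped


def classify(plan):
    """Say which static mapping type can express each public IP's plan."""
    verdicts = {}
    for public_ip, ports in group_plan(plan).items():
        hosts = set().union(*ports.values())
        clashes = sorted(p for p, h in ports.items() if len(h) > 1)
        if len(hosts) == 1:
            verdicts[public_ip] = "MIP"   # one-to-one, all ports
        elif not clashes:
            verdicts[public_ip] = "VIP"   # one public IP, split by port
        else:
            # Same public IP and port wanted on two hosts: neither a MIP
            # nor a VIP can express this as a static mapping.
            verdicts[public_ip] = "CONFLICT on port(s) " + ",".join(
                str(p) for p in clashes)
    return verdicts


def extra_public_ips_for_mips(plan):
    """Public IPs to add so that every internal host gets its own MIP."""
    return {ip: len(set().union(*ports.values())) - 1
            for ip, ports in group_plan(plan).items()}


if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_PLAN).items():
        print(ip, "->", verdict)
```

For the two-Citrix-server case the checker reports a conflict on the shared port, and `extra_public_ips_for_mips` reports one additional public IP, which matches the one-MIP-per-server suggestion in the message.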



Re: Mapping two internal IPs to one public

by Greg Conroy

You're right, I did not catch that, a VIP would work if you have different
services (different ports) on each server, what he is describing is load
balancing.  There is no real way to use a firewall as a load balancer.


Greg

Charles Robinson wrote:

> On May 15, 2008, at 6:28, Greg Conroy wrote:
>
>  
>> The easiest way is to make a MIP (Mapped In IP) , depending on the
>> firewall you are limited to the number of MIPS that can be configured
>> based on model.
>>
>>
>> SSG5         300MIPs
>> NS25/50    500MIPs
>> SSG140     1,000MIP's
>>
>>    
>
> MIPs, though, have a one-to-one relationship between the internal and  
> external IPs.
>
> The original poster was asking for how to map ONE external IP to TWO  
> internals.
>
> Assuming there are different port ranges being reached on each server  
> (hmmm.... that would be odd for a Citrix server) he could use VIPs.    
> But really the answer would be to get more public IPs and use MIPS to  
> have that one-to-one relationship between the external and internal  
> addresses.  Much easier to deal with.
>
>   -Charles
>
> --
> Charles Robinson - charlesr@...
> Minneapolis, MN
> http://charles.robinsontwins.org
>
>
> _______________________________________________
> nn mailing list
> nn@...
> http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
>
>  