|

»

»

Netscreen at Compsoc.com

VIP Limit on 5GT?

View: New views

9 Messages — Rating Filter: Alert me

	VIP Limit on 5GT? by Brian Johnson-15 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. I am running a 5GT on 4.0.0r2.3. I currently have one VIP and one corresponding VIP service. I want to add another VIP address and map through to some internal services. However, in the web interface, clicking “New VIP Service” (the only option I see), only lets me add services to the existing VIP address. I also tried to add the new VIP address via telnet interface and get the following error: “Too many (1) Virtual IP” Can anyone shed some light on what is going on or what I am doing wrong?? Thanks! _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by TiM-59 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Thu, January 17, 2008 3:54 pm, Brian Johnson wrote: > I am running a 5GT on 4.0.0r2.3. > > I currently have one VIP and one corresponding VIP service. > > I want to add another VIP address and map through to some internal > services. > > However, in the web interface, clicking "New VIP Service" (the only > option I see), only lets me add services to the existing VIP address. > > I also tried to add the new VIP address via telnet interface and get the > following error: > > "Too many (1) Virtual IP" > > > > Can anyone shed some light on what is going on or what I am doing > wrong?? > > Thanks! That's because you can only have 1 VIP on a 5GT: http://kb.juniper.net/KB5989 Therefore, you can only have 1 External IP address with a VIP on it. Sorry to be the bearer of bad news. Tim _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by Boni Bruno :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Sounds like your license does not allow for an addition VIP. Click the license tab and see how many VIP's you license allows, you may have to upgrade your license. I know you can have multiple VIP's on a 5GT as long as your license allows it. Regards, -boni bruno From: nn-bounces@... on behalf of Brian Johnson Sent: Thu 1/17/2008 7:54 AM To: nn@... Subject: [nn] VIP Limit on 5GT? I am running a 5GT on 4.0.0r2.3. I currently have one VIP and one corresponding VIP service. I want to add another VIP address and map through to some internal services. However, in the web interface, clicking “New VIP Service” (the only option I see), only lets me add services to the existing VIP address. I also tried to add the new VIP address via telnet interface and get the following error: “Too many (1) Virtual IP” Can anyone shed some light on what is going on or what I am doing wrong?? Thanks! Click here to report this email as spam. _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by TiM-59 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Thu, January 17, 2008 5:00 pm, Boni Bruno wrote: > Sounds like your license does not allow for an addition VIP. Click the > license tab and see how many VIP's you license allows, you may have to > upgrade your license. I know you can have multiple VIP's on a 5GT as long > as your license allows it. > > Regards, > > -boni bruno Are you sure of this? I can't find anything on the Juniper that mentions this, and the datasheet for the 5GT disagrees: http://www.juniper.net/products/integrated/dsheet/110034.pdf Would be nice if it was the case though. Tim _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by Brian Johnson-15 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Under Configuration->Update->ScreenOS/Keys, the following is in the “License Information” box: Capacity: unlimited number of users VPN tunnels: 10 tunnels NSRP: Disable I don’t see anything that would indicate a license limit?? Thanks, Brian From: Boni Bruno [mailto:bbruno@...] Sent: Thursday, January 17, 2008 12:01 PM To: Brian Johnson; nn@... Subject: RE: [nn] VIP Limit on 5GT? Sounds like your license does not allow for an addition VIP. Click the license tab and see how many VIP's you license allows, you may have to upgrade your license. I know you can have multiple VIP's on a 5GT as long as your license allows it. Regards, -boni bruno From: nn-bounces@... on behalf of Brian Johnson Sent: Thu 1/17/2008 7:54 AM To: nn@... Subject: [nn] VIP Limit on 5GT? I am running a 5GT on 4.0.0r2.3. I currently have one VIP and one corresponding VIP service. I want to add another VIP address and map through to some internal services. However, in the web interface, clicking “New VIP Service” (the only option I see), only lets me add services to the existing VIP address. I also tried to add the new VIP address via telnet interface and get the following error: “Too many (1) Virtual IP” Can anyone shed some light on what is going on or what I am doing wrong?? Thanks! Click here to report this email as spam. _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by dh-7 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message With ScreenOS 5.1 VIP count was increased to 4 on the 5 series, including 5gt, 5xt and the HSC. If you have multiple public IPs available, use a MIP instead. The 5gt supports 100 MIPs with ScreenOS 5.0, it should be similar with 4.0.0. /dh Brian Johnson wrote: > > I am running a 5GT on 4.0.0r2.3. > > I currently have one VIP and one corresponding VIP service. > > I want to add another VIP address and map through to some internal > services. > > However, in the web interface, clicking “New VIP Service” (the only > option I see), only lets me add services to the existing VIP address. > > I also tried to add the new VIP address via telnet interface and get > the following error: > > “Too many (1) Virtual IP” > > Can anyone shed some light on what is going on or what I am doing wrong?? > > Thanks! > > ------------------------------------------------------------------------ > > _______________________________________________ > nn mailing list > nn@... > http://www.compsoc.com/cgi-bin/mailman/listinfo/nn > _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by Brian Johnson-15 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Thanks for the info. I was trying to avoid using MIPs because of limited IPs. Can I get an OS upgrade? Brian -----Original Message----- From: DH [mailto:rugby@...] Sent: Thursday, January 17, 2008 4:20 PM To: Brian Johnson Cc: nn@... Subject: Re: [nn] VIP Limit on 5GT? With ScreenOS 5.1 VIP count was increased to 4 on the 5 series, including 5gt, 5xt and the HSC. If you have multiple public IPs available, use a MIP instead. The 5gt supports 100 MIPs with ScreenOS 5.0, it should be similar with 4.0.0. /dh Brian Johnson wrote: > > I am running a 5GT on 4.0.0r2.3. > > I currently have one VIP and one corresponding VIP service. > > I want to add another VIP address and map through to some internal > services. > > However, in the web interface, clicking "New VIP Service" (the only > option I see), only lets me add services to the existing VIP address. > > I also tried to add the new VIP address via telnet interface and get > the following error: > > "Too many (1) Virtual IP" > > Can anyone shed some light on what is going on or what I am doing wrong?? > > Thanks! > > ------------------------------------------------------------------------ > > _______________________________________________ > nn mailing list > nn@... > http://www.compsoc.com/cgi-bin/mailman/listinfo/nn > _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by Jason Brown-12 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. This is not a license limitation thing. By what you say I assume you have used the External IF IP address for the current VIP. From memory you can only add multiple VIP address when you use IP address from a different subnet to what the external Interface is assigned. My suggestion to achieve what you want to do via policies and address book entries perhaps even using MIP instead. If you need to NAT via policy just go to advanced within the policy config and use NAT w/ Destination translation and enter the IP address of the internal host. Of course this config type will require the relevant address book entries to be used. From: nn-bounces@... [mailto:nn-bounces@...] On Behalf Of Brian Johnson Sent: Friday, 18 January 2008 7:06 AM To: Boni Bruno; nn@... Subject: Re: [nn] VIP Limit on 5GT? Under Configuration->Update->ScreenOS/Keys, the following is in the “License Information” box: Capacity: unlimited number of users VPN tunnels: 10 tunnels NSRP: Disable I don’t see anything that would indicate a license limit?? Thanks, Brian From: Boni Bruno [mailto:bbruno@...] Sent: Thursday, January 17, 2008 12:01 PM To: Brian Johnson; nn@... Subject: RE: [nn] VIP Limit on 5GT? Sounds like your license does not allow for an addition VIP. Click the license tab and see how many VIP's you license allows, you may have to upgrade your license. I know you can have multiple VIP's on a 5GT as long as your license allows it. Regards, -boni bruno From: nn-bounces@... on behalf of Brian Johnson Sent: Thu 1/17/2008 7:54 AM To: nn@... Subject: [nn] VIP Limit on 5GT? I am running a 5GT on 4.0.0r2.3. I currently have one VIP and one corresponding VIP service. I want to add another VIP address and map through to some internal services. However, in the web interface, clicking “New VIP Service” (the only option I see), only lets me add services to the existing VIP address. I also tried to add the new VIP address via telnet interface and get the following error: “Too many (1) Virtual IP” Can anyone shed some light on what is going on or what I am doing wrong?? Thanks! Click here to report this email as spam. _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: VIP Limit on 5GT? by klauzi :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, if you apply a VIP to native interface address (same as the untrusted interface IP address) you are limited to one VIP per interface. You have to make an additional VIP first, then you are able to add more. "get sys-cfg \| include vip" shows you, how many VIPs are allowed on your system. Regards, Klauzi -- nil extimescere _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn