Juniper SSG 5 Routing Public IP's

mike1210 · 4 Mar 2012 at 23:33

Hello all,

http://i1137.photobucket.com/albums/n517/mikejrg/ssg.jpg

Following on from my thread about connecting an SSG 5 and Cisco 881 together.

I have tried to root Public IP's from my Juniper to my Desktop PC as a test but to no avail, current setup of ports is as pic attached. I have been trying to use Ethernet 0/5.

Does anyone know how the switch port would have to be configured, I am running NAT atm on the device as well.

I have a /29 with Zen.

I have tried different zones and the like to no avail.

kerrgreg · 5 Mar 2012 at 08:56

Looking at the config you have shown you have nothing connected on eth0/5 the port is down looks like port 0/0 is up,

Is port 0/0 your ISP/wan?

this might be a stupid question also but i haven't had coffee yet, why is you subnet a /32 when you have a /29 from zen?

RSR · 5 Mar 2012 at 09:20

You'll need to MIP the IPs on the untrust interface which provides the static mapping.

Also as above your external range should have a /29 at the end on eth0

bigredshark · 5 Mar 2012 at 16:01

[RXP]Andy;21402771 said:
You'll need to MIP the IPs on the untrust interface which provides the static mapping.

Also as above your external range should have a /29 at the end on eth0

Not necessarily, that's one implementation. Configuring the /29 on an internal interface would be entirely possible (or as a secondary IP on an internal interface).

That's my implementation, I have a /30 for the Untrust and a /29 and /27 on a pair of interfaces in the trust zone. (and a RFC1918 /24 on another interface NAT'ing)

As to the OP, I'm unsure what you're trying to do with eth5, it looks like it's configured for use in transparent mode (L2 mode, member of v1-trust zone...).

mike1210 · 5 Mar 2012 at 17:57

Many thanks all, I had to change the netmask on the pppoe settings. That looks like the below

With that my interface list is as below

I then tried to hardwire my pc but to no avail

The ethernet 0/0 properties are as below

I created a MIP map as below

Zones are below

Basically I want to have the SSG 5 firewall the connection, then I connect the Cisco 881 behind that.

Do I need to create another group to pass down public IP's.?

mike1210 · 5 Mar 2012 at 18:16

bigredshark said:
As to the OP, I'm unsure what you're trying to do with eth5, it looks like it's configured for use in transparent mode (L2 mode, member of v1-trust zone...).

Yes sorry I applied the wrong zone to it earlier.