KB Home KB Home Back to all Knowledge Base Browse Knowledge Base Categories Printer Friendly Version Printer Friendly

Using a DIP Pool
Knowledge Base ID: KB4748
Version: 4.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories: . NS-5GT
. NS-5XP
. NS-5XT
. NS-25
. NS-50
. NS-204
. NS-208
. NS-5200
. NS-5400
. Management (Admin)

Synopsis:
Using a DIP Pool

Solution:
Note: This article applies to ScreenOS 5.0 and higher.

Note: A Dynamic IP (DIP) pool is a range of IP addresses which the NetScreen device can use when performing network address translation (NAT). There are three kinds of interfaces that you can link to, Dynamic IP (DIP) pools, physical interfaces and sub interfaces for network and VPN traffic, and tunnel interfaces for VPN tunnels only.

DIP pools can be used in the following applications:

  • Many-to-many address translations. This can be used in VPN networks where connected sites have overlapping IP subnets. To allow them to be connected without IP address conflicts, IP addresses need to be translated either before the traffic is sent into the VPN tunnel or after it is decrypted at the other gateway. DIPs are used in either case to translate one subnet to another to allow overlapping networks to communicate.
  • One-to-many address translations. This is often used when policy-based NAT is utilized. Policy-based NAT only translates traffic that meets the policy, allowing other traffic to be routed through the firewall. This allows for mixed networks of public and private IP addresses. This DIP application is very similar to NAT, except that it is done on a policy basis instead of by interface.

To configure a DIP pool on your NetScreen, perform the following steps:

Step one: Open the WebUI. For more information on accessing the WebUI, select your product from the list below:


Step two: From the NetScreen options menu, click Network, and then click Interfaces.

Image of step two

Step three: From the Interface screen, choose the interface you would like to modify, and click Edit.

Note: For this example, we chose to edit the ethernet3 interface.

Image of step three

Step four: From the Interface screen, click to select DIP.

Image of step four

Step five: Click New.

Image of step five

Step six: Enter an ID.

Note: For this example, we have used an ID of 5.

Image of step six and seven

Step seven: From IP Address Range, enter a Start and an End IP address.

Note: The Start and End IP addresses will need to be in the same subnet as the interface you are editing.

Note: For this example, we have used a Start IP address of 10.20.1.50, and an End IP address of 10.20.1.100.

Step eight: Click to select Port Translation.

Image of step eight and nine

Step nine: Click OK.

Purpose:
Troubleshooting

ASK THE KB
Question or KB ID:



RELATED TOPICS