Why are packets matching DIP ID 2?
| Knowledge Base ID: | KB6271 |
| Version: | 3.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: | Firewall/IPSec_VPN ScreenOS |
Problem or Goal:
Environment:
- Debug stream shows packets matching 'DIP ID 2'
- No DIPs defined!
- Valid DIP ID range is 4 to 255
Solution:
In ScreenOS 4.0 and later, DIP ID 2 is a predefined DIP.
DIP ID 2 is policy-based NAT (Network Address Translation) with DIP disabled. In other words, the address was translated to the address of the egress interface.
In earlier ScreenOS versions (pre-4.0) this setting was associated with the physical interfaces.
- DIP id1 = trust
- DIP id2 = DMZ
- DIP id3 = untrust
Configuration