Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to configure multiple IP ranges in a DIP pool.

0

0

Article ID: KB11076 KB Last Updated: 11 Aug 2010Version: 4.0
Summary:
Multiple IP ranges for a DIP pool is now supported in ScreenOS 6.1.  Solution for 'DIP Add Error: duplicated dip id' message.
Symptoms:

Prior to ScreenOS 6.1, only one IP range could be configured in a DIP pool.  When trying to configure more than one IP range, the firewall would report the message "DIP Add Error: duplicated dip id":

ssg20-> set int e0/0 dip 10 172.19.50.2 172.19.51.60 fix-port
ssg20-> set int e0/0 dip 10 172.19.50.65 172.19.50.70 fix-port
###DIP Add Error: duplicated dip id 10 on ethernet0/0

Solution:
In ScreenOS 6.1, up to 3 IP ranges can be configured in a IPv4 fix-port DIP pool.
A DIP pool is defined on the interface and extended interface, both of which are in Layer 3.

Configuration:

Add a Range to a DIP Pool

ssg20-> set interface ethernet0/0 ip 172.19.50.1/24
ssg20-> set interface ethernet0/0 dip 10 172.19.50.2 172.19.50.60 fix-port
ssg20-> set interface ethernet0/0 dip 10 172.19.50.65 172.19.50.70 fix-port
ssg20-> set interface ethernet0/0 dip 10 172.19.50.72 172.19.50.253 fix-port

 
Remove a Range from a DIP Pool

ssg20-> unset interface ethernet0/0 dip 10 172.19.50.2 172.19.50.60
ssg20-> unset interface ethernet0/0 dip 10 172.19.50.65 172.19.50.70
ssg20-> unset interface ethernet0/0 dip 10 172.19.50.72 172.19.50.253

 
Remove a DIP Pool

ssg20-> unset interface ethernet0/0 dip 10

 
Verify DIP configuration and utilization

ssg20-> get dip
Dip Id  Dip Low          Dip High         Interface       Attribute   Usage
  10    172.19.50.2      172.19.50.60     ethernet0/0     fix-port    0
        172.19.50.65     172.19.50.70     ethernet0/0     fix-port    0
        172.19.50.72     172.19.50.253    ethernet0/0     fix-port    0

Dip Id  Utilization
  10      0%
Port-xlated dip stickness off
DIP pool utilization alarm: disabled, raise threshold 0%, clear threshold 0%
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search