Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Configuring an IPv6 to IPv4 host MIP

0

0

Article ID: KB21194 KB Last Updated: 07 Sep 2020Version: 2.0
Summary:

This article provides information about the procedure to configure an IPv6 to IPv4 host maintenance intermediate point (MIP).

 

Symptoms:

Is it possible to access an internal host, behind the NetScreen device, which has a private IPv4 address through a public IPv6 address? The answer is Yes and how is shown in the Solution section.

 

Solution:

Consider the following setup:

  • Internal host IP is 192.168.1.10.

  • Public interface (e0/2) IP is 2006:cd::1/64. 

  • Another public IP - 2006:cd::2 is available for use.

Here is how you can configure a MIP to a single IP and a policy to permit any host from the Untrust zone to access the internal host:

CLI

set interface "ethernet0/1" zone "Trust"
set interface "ethernet0/2" zone "Untrust"
set interface ethernet0/1 ip 192.168.1.1/24
set interface ethernet0/1 nat
set interface "ethernet0/2" ipv6 mode "host"
set interface "ethernet0/2" ipv6 ip 2006:cd::1/64
set interface "ethernet0/2" ipv6 enable
set interface ethernet0/2 route
set interface ethernet0/2 ipv6 nd nud
set interface "ethernet0/2" mip 2006:cd::2 ipv6 host 192.168.1.10 vr "trust-vr"
set policy id 1 from "Untrust" to "Trust" "Any-IPv6" "MIP(2006:cd::2)" "ANY" nat src permit

Web UI

  1. Click Interfaces.

  2. Select the e0/2 Interface.

  3. Click MIP.

  4. Click New. You will be at Network > Interfaces > Edit > MIP > Configuration for interface e0/2. Type the following:

  • MIP Type:IPv6 to IPv4/6 Host Mapping

  • Mapped IP: 2006:cd::2

  • Host IP: 192.168.1.10

  • Host Virtual Router Name: trust-vr

  1. Create an incoming policy by navigating to and selecting the following:

  • Policy > Policies (From Untrust To Trust)

  • Source: Any

  • Destination: MIP(2006:cd::2)

  • Service: ANY

  • Action: Permit

  • Click Advanced. Select Source Translation

 

Modification History:

2020-09-07: Removed EOL devices; article checked for accuracy; no changes made; article found to be relevant and valid

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search