Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to configure DIP on a loopback Interface

0

0

Article ID: KB26014 KB Last Updated: 22 Oct 2012Version: 1.0
Summary:
This article provides information on how to configure a DIP on a loopback interface.
Symptoms:
Two tunnel interfaces - tunnel.1 and tunnel.2 are present and are part of the untrust zone:
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
The requirement is to have the same NAT source IP for both of the tunnel interfaces. All the traffic that passes through the tunnel interface should be NATed to the same IP address.




Cause:

Solution:
  1. To achieve this, a loopback interface will be used. A loopback interface was created in the same zone, as that of tunnel.1 and tunnel.2 (which is the untrust zone):
    set interface "loopback.1" zone "Untrust"
    set interface loopback.1 ip 10.1.1.1/24
  2. Make the tunnel.1 and tunnel.2 tunnel interfaces members of the loopback group. On the device, the following configuration is set:
    set interface "tunnel.1" loopback-group "loopback.1"
    set interface "tunnel.2" loopback-group "loopback.1"
  3. Create the DIP on the loopback interface. In this example, the DIP was created on loopback.1 in the extended subnet:
    set interface loopback.1 ext ip 3.3.3.3 255.255.255.255 dip 4 3.3.3.3 3.3.3.3
  4. DIP ID 4 is used, when configuring the policies:
    set policy id 1 from "Trust" to "Untrust" "Any-IPv4" "Any-IPv4" "ANY" nat src dip-id 4 permit log 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search