Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Using a DIP pool

0

0

Article ID: KB4748 KB Last Updated: 06 Jan 2021Version: 7.0
Summary:

This article provides information on how to use a DIP pool.

 

Solution:

Note:

  • This article is applicable to ScreenOS 5.0 or later.

  • A Dynamic IP (DIP) pool is a range of IP addresses that the NetScreen device can use, when performing network address translation (NAT). There are three kinds of interfaces that you can link to - Dynamic IP (DIP) pools, physical interfaces, sub interfaces for network and VPN traffic, and tunnel interfaces for VPN tunnels only.

DIP pools can be used in the following applications:

  • Many-to-many address translations. This can be used in VPN networks where connected sites have overlapping IP subnets. To allow them to be connected without IP address conflicts, IP addresses need to be translated either before the traffic is sent into the VPN tunnel or after it is decrypted at the other gateway. DIPs are used in either case to translate one subnet to another to allow overlapping networks to communicate.

  • One-to-many address translations. This is often used when policy-based NAT is utilized. Policy-based NAT only translates traffic that meets the policy, allowing other traffic to be routed through the firewall. This allows for mixed networks of public and private IP addresses. This DIP application is very similar to NAT, except that it is done on a policy basis instead of by interface.

To configure a DIP pool on your NetScreen, perform the following steps:

  1. Open the WebUI. For more information about accessing WebUI, refer to KB4317 - [ScreenOS] Accessing your Juniper firewall device using the WebUI.

  2. From the NetScreen options menu, click Network, and then click Interfaces.

  1. From the Interface screen, choose the interface you would like to modify, and click Edit.

For this example, we chose to edit the ethernet3 interface.

  1. From the Interface screen, click to select DIP.

  1. Click New.

  1. Enter an ID.

For this example, we have used an ID of 5.

  1. From IP Address Range, enter a Start and an End IP address.

Note: The Start and End IP addresses will need to be in the same subnet as the interface that is being edited. For this example, the Start IP address of 10.20.1.50 and End IP address of 10.20.1.100 have been used.

  1. Click to select Port Translation.

  1. Click OK.

To apply the DIP that is created on the interface to the policy, refer to KB4771 - [Archive] Using the NAT option in a policy.

 

Modification History:

2021-01-06: Removed old WebUI snapshots and replaced by new WebUI snapshots

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search