Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

When to Use a Virtual IP and When to Use a Mapped IP

0

0

Article ID: KB4751 KB Last Updated: 09 Jun 2010Version: 5.0
Summary:

When to Use a Virtual IP and When to Use a Mapped IP

Symptoms:


 

Solution:

Note: This article applies to ScreenOS 4.0 and higher.

A Virtual IP (VIP) maps one external IP address and one external port to a multiple number of possible IP addresses and ports. It can also translate an external port to a different internal port. VIP addresses map traffic received at one IP address to another address based on the destination port number in the TCP or UDP segment header. If you have only one public IP address available, and you want to host multiple servers, use a VIP. An MIP should be used when you have multiple public IP addresses, and you want to host a single server to a single public IP. A VIP is the equivalent of what many network engineers call port forwarding. For example:

  • An HTTP packet destined for 210.1.1.3:80 (that is, IP address 210.1.1.3 and port 80) might be mapped to a Web server at 192.168.1.10.
  • An FTP packet destined for 210.1.1.3:21 might be mapped to an FTP server at 192.168.1.20.
  • An SMTP packet destined for 210.1.1.3:25 might be mapped to a mail server at 192.168.1.30.

The destination IP addresses are the same. The destination port numbers determine the host to which the NetScreen device forwards traffic.

note: For more information on how to configure a virtual IP, go to Configuring a Virtual IP.

A Mapped IP (MIP) is a direct one-to-one mapping of one IP address to another IP address. The NetScreen device forwards incoming traffic destined for an MIP to the host with the address to which the MIP points. MIP maps one external IP address to one internal IP address, and does not alter the port information. Essentially, an MIP is a static destination address translation.

MIPs allow inbound traffic to reach private addresses in a zone whose interface is in NAT mode. MIPs also provide part of the solution to the problem of overlapping address spaces at two sites connected by a VPN tunnel.

Note: An overlapping address space is when the IP address range in two networks is partially or completely the same.

note: For more information on how to configure a MIP, go to How Do I Configure a 1-to-1 Mapping of a Public Address to a Private Address?
 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search