Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Are there any limitations with using the secondary IP address (Trust, DMZ, and Custom)?

0

0

Article ID: KB5527 KB Last Updated: 21 Mar 2013Version: 5.0
Summary:
This article provides information about the limitations with using the secondary IP address (Trust, DMZ, and Custom).
Symptoms:
For example, the root and secondary interfaces share the same Trust/DMZ/Custom zone ethernet port; so, to connect to the Root and Secondary Trust/DMZ/Custom interface, a hub or switch device will be used to connect the multiple network devices to the single Root and Secondary Trust/DMZ/Custom physical ethernet port.
Cause:

Solution:

The intent of the Secondary IP address feature was to increase the IP addressing range of the Trusted, DMZ, and Custom zone interfaces,when the root Trust/DMZ/Custom zone Network IP addresses were being used. The Secondary IP address allows for another Network address to reside on the same physical Interface port (Trust/DMZ/Custom zone) and route these packets through the Netscreen outbound.

Incoming traffic is supported for devices on the same subnet as the secondary IP; but traffic that is directed to the secondary IP itself will not generate any replies.

Example:

Assume the NetScreen device has the secondary IP address as 10.1.1.1.  Any hosts that are on the 10.1.1.0/24 subnet are reachable from the untrust side. However, the actual secondary IP address itself (10.1.1.1) will not participate in any throughput traffic.

In ScreenOS 4.0.0 or later, the secondary IP address can be applied to any interface, including subinterfaces and redundant interfaces, as long as the interface is not binded to the untrust zone. 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search