Replacing a NetScreen with another one with exactly the same IP address

Article ID: KB6244 KB Last Updated: 25 Aug 2010 Version: 3.0
Summary:
Replacing a NetScreen with another one with exactly the same IP address
Symptoms:

  • Replacing NetScreen hardware
  • NetScreen is in NAT mode
  • NetScreen configured with MIPs
  • Access to internal hosts allowed via incoming MIP policy
  • Incoming policies not working

Solution:

This solution applies to all versions of ScreenOS, in configurations that use interface-based NAT and MIPs:

When one NetScreen is replaced with another that has exactly the same IP addresses on all interfaces, incoming policies will not work until the ARP cache on the router on the untrust side of the NetScreen is cleared. This is because the router still holds ARP entries that map the IP address to the MAC address of the NetScreen that was replaced.

Resolution: Clear the ARP cache on the router or network device on the untrust side of the NetScreen. Please consult the documentation for your router or network device for the procedure for clearing the ARP cache/table.
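To confirm which entries are affected before and after clearing the cache, the upstream router's ARP table can be compared against the MAC address of the replacement unit. The script below is an added example, not part of the original article: it assumes the table is in Cisco IOS `show ip arp` layout and that the MIP addresses sit in the untrust subnet, and all addresses and the names `parse_arp` and `stale_entries` are constructed for illustration.

```python
import re

# Constructed sample: upstream router ARP table in "show ip arp" layout (assumed format).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0000.5e00.5301  ARPA   FastEthernet0/0
Internet  203.0.113.2             3   0010.db00.aa01  ARPA   FastEthernet0/0
Internet  203.0.113.10          112   0010.db00.1111  ARPA   FastEthernet0/0
Internet  203.0.113.11           97   0010.db00.1111  ARPA   FastEthernet0/0
Internet  203.0.113.50            8   0000.5e00.5399  ARPA   FastEthernet0/0
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """Return {ip: mac} for every 'Internet' row; header and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "Internet":
            table[f[1]] = norm_mac(f[3])
    return table

def stale_entries(arp_text, firewall_ips, new_mac):
    """Classify each firewall-owned IP (interface or MIP) as 'ok', 'stale' or 'missing'."""
    table = parse_arp(arp_text)
    want = norm_mac(new_mac)
    result = {}
    for ip in firewall_ips:
        mac = table.get(ip)
        result[ip] = "missing" if mac is None else ("ok" if mac == want else "stale")
    return result

if __name__ == "__main__":
    # Constructed inputs: untrust interface IP, three MIP addresses, replacement unit's MAC.
    ips = ["203.0.113.2", "203.0.113.10", "203.0.113.11", "203.0.113.12"]
    for ip, state in stale_entries(SAMPLE_ARP, ips, "00:10:db:00:aa:01").items():
        print(f"{ip:15} {state}")
```

An address reported as `stale` is still mapped to the old unit's MAC; `missing` means the router holds no entry for it yet and will resolve it on the next ARP request.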

Here is the problem or goal:

  • Incoming policies not working
  • Replacing a NetScreen with another one with exactly the same IP address

Problem Environment:

  • Replacing NetScreen hardware
  • NetScreen is in NAT mode
  • NetScreen configured with MIPs
  • Access to internal hosts allowed via incoming MIP policy

Applicable Products:

  • NetScreen-5
  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen-500
  • NetScreen-1000
  • NetScreen-5200
  • NetScreen-5400

Applicable ScreenOS:

  • 1.64
  • 1.65
  • 1.66
  • 2.00
  • 2.01
  • 2.10
  • 2.50
  • 2.6.0
  • 2.6.1
  • 2.7.1
  • 2.8.0
  • 2.8.1
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.1.0
  • 4.0.0
  • 4.0.0-DIAL
  • 4.0.1
  • 4.0.2

