
Why are packets matching DIP ID 2?

  [KB6271]


Summary:
Why are packets matching DIP ID 2?
Symptoms:
Environment:
  • Debug stream shows packets matching 'DIP ID 2'
  • No DIPs defined!
  • Valid DIP ID range is 4 to 255
Solution:

In ScreenOS 4.0 and later, DIP ID 2 is a predefined DIP.

DIP ID 2 is policy-based NAT (Network Address Translation), with DIP disabled. In other words, the address was translated to the address of the egress interface.

In earlier ScreenOS versions (pre-4.0) this setting was associated with the physical interfaces. 

  • DIP ID 1 = trust
  • DIP ID 2 = DMZ
  • DIP ID 3 = untrust
