Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Accessing a MIP from Internet and VPN Tunnel simultaneously

0

0

Article ID: KB8157 KB Last Updated: 09 Sep 2011Version: 5.0
Summary:

Accessing a MIP from the Internet and through the VPN tunnel simultaneously

Symptoms:

Solution:

To access a server through a MIP from either the Internet or VPN tunnel, it is best to use the loopback group feature.  Create a MIP off of the loopback interface; which is, mapped to the desired server on the trust zone.  Place the tunnel interface and the physical interface bound to the untrust zone as members of a loopback interface. 

Example: 

Assume

  • The  physical e3 interface is bound to the untrust zone.
  • Tunnel.1 interface is also bound to the untrust zone. 
  1. Create the loopback interface.  The loopback interface must be bound to the same zone as the members of the loopback group.

    set interface loopback.1 zone untrust
    set interface loopback.1 ip 11.11.11.1/24
  2. Create the MIP on the loopback interface.

    set interface loopback.1 mip 11.11.11.10 host 192.168.1.34
  3. Place ethernet3 and tunnel.1 as members of loopback.1

    set interface ethernet3 loopback-group loopback.1
    set interface tunnel.1 loopback-group loopback.1
  4. Add a static host route for the MIP through the tunnel from the other side of the VPN

You should now be able to access the same server from both Internet, and from VPN using the same MIP address. 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search