Configuring Dip Options - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Configuring DIP Options
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
The IP addresses for the servers that process the requests
The type of service you want the security device to forward from the VIP to the IP
address of the host
Use the VIP Options configuration screen to set multiple port entries for VIPs. A single
VIP can support custom services with multiple port entries by creating multiple service
entries under that VIP. To use multiple-port services in a VIP, you need to enable multiple
port services, and then reset the security device.
For more detailed explanation about configuring VIPs on security devices, see the
"Fundamentals" volume in the Concepts & Examples ScreenOS Reference Guide.
Use DIP Options to set DIP translation operation.
When DIP is configured on an interface, the security device normally assigns a different
source IP address for each session, even when a single host initiates several sessions
that require NAT using the DIP pool. This random address assignment can be problematic
for services that create multiple sessions that require the same source IP address for
each session.
For example, it is important to have the same IP address for multiple sessions when using
the AOL Instant Messaging (AIM) client. You create one session when you log in, and
another for each chat. For the AIM server to verify that a new chat belongs to an
authenticated user, it must match the source IP address of the login session with that of
the chat session. If they are different—possibly because they were randomly assigned
from a DIP pool during the NAT process—the AIM server rejects the chat session.
To ensure that the device assigns the same IP address from a DIP pool to a host for
multiple concurrent sessions, select DIP Translation Stickiness.
For more detailed explanation about configuring DIP options on security devices, see the
"Fundamentals" volume in the Concepts & Examples ScreenOS Reference Guide.
For details about creating a DIP group, see "Example: Configuring DIP Groups (NSM
Procedure)" on page 100.
Example: Configuring DDNS Settings (NSM Procedure) on page 106
Example: Configuring DNS Proxy Entries (NSM Procedure) on page 105
Chapter 3: Network Settings
109
Advertisement
Table of Contents
