Home | Articles | About | Contact | Forum |
Saturday, November 23, 2024



Lunarpages.com Web Hosting

Mailing List

E-mail:
By Joining the mailing list you will be notified of site updates.


Show Your Support For
This Site By Donating:











Audience: System Admins - I.T. Managers
Last Updated: 6/15/2011 2:17:25 PM
**All times are EST**





Public IPs and NAT on the same firewall

By Erik Rodriguez

Tags: public IP addresses plus NAT, Juniper NAT firewall setup, Juniper SSG zones, NAT zones on Juniper SSG, slash notation

The following article illustrates how to configure public IP address space plus NAT addresses on the same firewall. This is common in data center networks and other networks that require the use of public IP space with the protection of a firewall.

Introduction

In a previous article, I covered how to configure a firewall with public IP addresses on both the untrust and trust zones. However, sometimes it is desired to use both public IP space and NAT on the same firewall. This is done by using a larger allocation for the untrust or Internet facing interface. Some devices will allow you to add a secondary allocation to the untrust side as well. This setup is the same, only instead of a /30 we will use a /29. We will still need static routes setup but the difference here is that a /29 provides 4 other usable IP addresses that can be used for NAT. See the diagram below:

Show above, a /29 is used on the untrust (Internet facing) side. A /27 is used for the trust side and all IP addresses within the /27 are then routed through a single address from the /29 side. This leaves 4 other IP addresses from the /29 available to NAT other devices from another zone. This practice works well for things like private servers that do not need a public IP address directly. This setup is commonly used for development environments, management devices, or other network equipment such as switches or monitoring systems.


Contact Us

If you found this information useful, click the +1 button



Your E-mail:


Subject:


Type verification image:
verification image, type it in the box

Message:


NOTE: this form DOES NOT e-mail this article, it sends feedback to the author.




TCP vs. UDP
Juniper SRX anti-spam filtering config
Windows Server 2008 Clustering Configuration
Windows 2008 R2 Network Load Balancing (NLB)
Extreme Networks: Downloading new software image
Juniper SRX save config to USB drive
Juniper SRX logout sessions
Extreme Networks Syslog Configuration
Command line drive mapping
Neoscale vs. Decru
Data Security vs. Data Protection
Juniper SRX Cluster Configuration
HOWTO - Create VLAN on Extreme Switch
Using a Non-local Colocation Facility
Linux Server Administration
IT Chop Shops
Flow Viewers: SFLOW, NetFLOW, and JFLOW
Exchange 2007 Back Pressure
IPtables open port for specific IP
Politics in IT Departments
HOWTO - Block Dropbox
Cisco IOS Cheat Sheet
Subnet Cheat Sheet
Design a DMZ Network
How DNS works
Firewall Configuration
Juniper SSG Firewalls
Server Management
Configuring VLANs
Runlevels in Linux
Server Clustering
SONET Networks
The Red Hat Network
Server Colocation
Complicated Linux Servers
Dark Fiber
Data Center Network Design
Firewall Types
Colocation Bandwidth






Copyright © 2002-2016 Skullbox.Net All Rights Reserved.
A division of Orlando Tech Works, LLC
By using this site you agree to its Terms and Conditions.
Contact Erik Rodriguez