There is no way to do this, the nature of a DIP is for outbound traffic
only. It's not designed for outside in traffic. You can use MIPs for
inbound traffic. Fortunately, if you send outbound traffic from the
MIP'd host, the session will be NAT'd to the MIP address.
/dh
Jason Parsons wrote:
> We have a DIP set up as such:
>
> set interface "ethernet1/2" zone "Untrust"
>
> set interface ethernet1/2 ip x.x.x.1/24
> set interface ethernet1/2 route
> set interface ethernet1/2 manage ping
>
> set interface ethernet1/2 dip 18 x.x.x.3 x.x.x.3
>
> We then have a policy allowing traffic outbound via this DIP:
>
> set policy id 30 from "Production" to "Untrust" "10.0.0.0/24" "Any" "HTTP"
> nat src dip-id 18 permit
> set policy id 30
> exit
>
> This works perfectly for outbound traffic. However, for troubleshooting
> purposes, we would like the outside world to be able to ping the DIP (ie,
> x.x.x.3). Is there any easy (or hard) way to do this? Turning on 'manage
> ping' for the "parent" interface seems to have no impact on the DIPs.
>
> Thank you.
> - Jason Parsons
>
>
> _______________________________________________
> nn mailing list
> nn@qorbit.net
> http://qorbit.net/mailman/listinfo/nn
>
>
>
_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn
|