Screen OS

  • 1.  Trusted zone to DMZ zone access

    Posted 09-10-2008 23:32

    Hi All-

    I have the following setup.

    Outside - x.x.x.x/29

    DMZ - 192.168.100.0/24

    Trusted(INSIDE) 192.168.1.0/24

    I have MIP working from DMZ to Outside and Trusted to Outside and policies working correctly, no problems, it's great!

    I want the INSIDE to access the DMZ as its own IP address range though, not via PAT or NAT. Meaning I want the 192.168.100.x network to be accessed from the INSIDE as the 192.168.1.x.

    In the Cisco world, you can make a static mapping or NAT0 between the interfaces. Is there any functionality inside of ScreenOS that can do this? Or will I need to use address space of the DMZ zone with an IP NAT pool?

    TIA

    Eric



  • 2.  RE: Trusted zone to DMZ zone access
    Best Answer

    Posted 09-11-2008 01:34

    Hi

    Simply create a policy from trust to DMZ zone with source 192.168.1.0/24 and destination 192.168.100.0/24, action permit.

    No further configuration is required.

    Thanks
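
The policy described in the answer above, written out as ScreenOS CLI. This is an added example, not part of the original posts: the address-book entry names are assumptions, the service "ANY" is assumed because the answer names no service, and the `log` keyword is an addition. Lines starting with `#` are annotations, not commands to enter.

```text
# Address-book entries for the two subnets from the question
# (entry names are assumptions made for this example).
set address "Trust" "inside-192.168.1.0/24" 192.168.1.0 255.255.255.0
set address "DMZ" "dmz-192.168.100.0/24" 192.168.100.0 255.255.255.0

# Trust -> DMZ permit policy. No "nat src" or "nat dst" action is set on it.
# "ANY" is assumed; a named service (for example "HTTP") can be used instead
# to limit what the inside network may reach in the DMZ.
# "log" records sessions that match the policy.
set policy from "Trust" to "DMZ" "inside-192.168.1.0/24" "dmz-192.168.100.0/24" "ANY" permit log

# Write the configuration to flash.
save
```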



  • 3.  RE: Trusted zone to DMZ zone access

    Posted 09-11-2008 17:26

    Thanks! That was pretty simple.

    The only additional thing I had to do was add a route for the DMZ on the trusted zone.

    Thanks for the quick reply.

    Cheers,

    Eric