Screen OS

 View Only
last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Vip problem Status down

    Posted 03-17-2009 09:22

    hello i have an ssg with screenos 6.1.0r2 and i have configured 4 virtual routers.

    there are also 2 adsl interfaces in the untrust zone.

    i have configured several vips to  one adsl interface which all internal ip addresses belong to one virtual router

    and they are working as they should.

    the problem is when i tried to configure another vip pointing to an internal address belonging to another virtual router

    the status was down.the  Server Auto Detection is also enabled with no result what so ever.the policy from untrust to the appropriate zone is also configured.From the virtual router there is a default route pointing to the adsl interface where the vip is configured.

    Any hints on where to focus for the status down of the vip?

     



  • 2.  RE: Vip problem Status down
    Best Answer

    Posted 03-17-2009 12:26

    Hi

     

    The FW checks if a VIP is up or down by sending icmp echo request to the internal host.

     

    The VIP is down probably because the FW sending out the icmp via the default VR instead of the VR that you should be pointing to.

    Try setting a more specific route eg: set route X.X.X.X/32 vr X where X is the IP of the internal host and X is the VR where the host actually resides and see if the VIP will show up as up.



  • 3.  RE: Vip problem Status down

    Posted 03-18-2009 00:02

    I have configured the whole subnet to the default vr and worked.

    Thank you