Re: netcreen 25 dmz web servers
From: Somebody. (somebody._at_spamout.russdoucet.com)
Date: Sun, 30 Oct 2005 22:47:06 -0500
<firstname.lastname@example.org> wrote in message
> Atm I have running the trust site of my company with internet access
> with no problems, but now I want to be able to access the internet with
> my web servers in the DMZ zone. Both web servers in the DMZ have
> 10.0.0.x IPs and for now they can't go out. I would appreciate some
> tips to be able to access the internet with these DMZ servers and can't
> reach them from outside. I read some stuff about MIP but I can't make
> this config run.
> thx in advance
Edit the untrust interface
Add the public IP that you're going to use (not the public IP of the NS25)
and the 10.x it's going to, save the MIP.
Create a policy from untrust -> trust from Any IP to the MIP. (NOT to the
10.x IP, to the MIP)
Now people can hit your web server from outside.
For it to get out (i.e., patch updates, etc.) you need to:
Create an address book entry for the 10.x IP of the server
Create a policy from DMZ -> Untrust for 10.x IP, enable NAT in the advanced
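
The steps in this reply written out as ScreenOS CLI commands, as an added example that is not part of the original post. Assumptions: ethernet3 is the Untrust interface, 203.0.113.10 and 10.0.0.10 are constructed addresses, "dmz-web1" is a hypothetical address book name, and the inbound policy names the DMZ zone because that is where the question places the servers.

```screenos
# Lines starting with "#" are annotations for the reader, not CLI input.
# Assumed values (not from the post): ethernet3 = Untrust interface,
# 203.0.113.10 = spare public IP (not the NS25's own), 10.0.0.10 = one
# DMZ web server, "dmz-web1" = hypothetical address book name.

# 1. MIP on the untrust interface: public IP mapped to the 10.x host
set interface ethernet3 mip 203.0.113.10 host 10.0.0.10 netmask 255.255.255.255

# 2. Inbound policy: the destination is the MIP, not the 10.x address.
#    Assumption: destination zone is the one the server sits in (DMZ).
#    Only HTTP is permitted instead of every service, and hits are logged.
set policy from untrust to dmz any mip(203.0.113.10) http permit log

# 3. Address book entry for the server's 10.x IP
set address dmz "dmz-web1" 10.0.0.10/32

# 4. Outbound policies with source NAT, limited to the services that
#    patch updates typically need rather than "any"
set policy from dmz to untrust "dmz-web1" any dns nat src permit
set policy from dmz to untrust "dmz-web1" any http nat src permit log
set policy from dmz to untrust "dmz-web1" any https nat src permit log

# Write the running configuration to flash
save
```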