Juniper ScreenOS platform supports Source NAT as well as Destination NAT and hence utilizes following terminologies – MIP , VIP and DIP.
The abbreviation for each term is –
- Mapped IP (MIP)
- Virtual IP (VIP)
- Dynamic IP (DIP)
An MIP maps one external IP address to one internal IP address and does not alter the port information. A VIP maps one external IP address and one external port to a multiple number of possible IP addresses and ports. It can also translate external port to same or different internal port. DIP can enable policy-based NAT, and NAT, before VPN encapsulation; in which overlapping private IP addresses exist in a VPN network. Notable is that VIP and DIP is unidirectional whereas MIP is bidirectional.
Below comparison table will differentiate between MIP,VIP and DIP terms used in ScreenOS –
PARAMETER |
MIP |
VIP |
DIP |
|---|---|---|---|
| Philosophy | A one-to-one mapping of one address to another. a | A virtual IP (VIP) address maps traffic received at one IP address to another address based on the destination port number in the TCP or UDP protocol s | A dynamic IP (DIP) address pool is a range of IP addresses from which the device can dynamically take addresses to use when performing NAT on the source IP address of outgoing or incoming IP packets. |
| NAT Type | Destination NAT and Source NAT | Destination NAT | Source NAT |
| Usage | Static NAT to/from Servers | Outgoing NAT instead of using egress Interface IP | Port forwarding to Servers |
| Port usage | No | Yes | Yes |
| Mapping Type | One-to-One | One-to-Many | One-to-Many and Many-to-One |
| Flow Direction | Bidirectional.Traffic can be initiated from inside source or Outside Source | Unidirectional.Traffic can be initiated from inside source only for VIP to take effect | Unidirectional.Traffic can be initiated from outside source only for DIP to take effect |
References –
https://kb.juniper.net/InfoCenter/index?page=content&id=KB6085
