Virtual IP (Virtual IP Address) :
In JUNOS ScreenOS, VIP maps one external IP address and port to multiple IP addresses and ports. And also It can translate an external port with different internal ports. Based on the destination port number in the TCP or UDP segment VIP addresses map traffic received at one IP address to another address. Suppose if you have only one public IP address available, and want to host multiple servers, then VIP comes to play. VIP addresses the requirement of multiple private IP addresses with one public IP address. VIP is also called port forwarding.
As opposed to VIP , an MIP should be used when we have multiple public IP addresses, and want to host a single server to a single public IP.
The below scenario will help understand the concept of VIP and its configuration –
EXAMPLE OF VIP AS PORT FORWARDING
The customer has a secured set up in the HUB site and wants its mobile users over the Internet to access the Web Server, Mail Server, and FTP Server for Business-related work. Now, NetScreen Box at the HUB site will follow the following approach of NAT (VIP) such that requests for any of HTTP, FTP SMTP lands on the same Global IP, however, translates to Local IP address based on the destination port.
- An HTTP packet destined for 220.127.116.11:80 (that is, IP address 18.104.22.168 and port 80) will get mapped to a webserver at 22.214.171.124.
- An FTP packet destined for 126.96.36.199:21 will get mapped to an FTP server at 188.8.131.52.
- An SMTP packet destined for 184.108.40.206:25 will get mapped to a mail server at 220.127.116.11.
- The destination IP addresses are the same. The destination port numbers determine the host to which the security device forwards traffic
VIRTUAL IP FORWARDING TABLE
Note – Below configuration will be performed only for Web Server IP 18.104.22.168:80 –> 22.214.171.124.Translation for FTP and SMTP can be created by taking Web Server VIP configuration as reference.
WebUI Configuration on ScreenOS –
CLI CONFIGURATION ON SCREENOS –