Configure Proxy ARP in Juniper SRX Gateway

Today I will show you how to configure proxy ARP in Juniper SRX Gateway. Well, why do you want to configure proxy arp? How do you configure proxy ARP? Today I will counter with these two questions.

Configure Proxy ARP in Juniper SRX Gateway

Lets say company A have 5 public IP addresses and a dedicated link. The company is small and has connected the link from ISP to the router as shown in the figure below. There are servers and clients under the switch. A new server called public web server is added in the network. The new web server needs to be accessed from internet. The requirement is to use unused public IP address and do NAT on router. But is it possible??

You might be thinking, if the link is directly connected to the router you won’t be able to use those other 4 IP address. So to use those available IP addresses you are now thinking subnetting is required or may be switch is required above router. But the company will not purchase any more device. In this case proxy ARP kicks in.

Proxy ARP

Lets say we will use other public IP address 198.18.10.3 for new web server, but where do we configure the IP address? Well, we will configure the IP address as proxy arp in ge-0/0/0 interface.

root@srx# set security nat proxy-arp interface ge-0/0/0 address 198.18.10.3

After configuring proxy arp lets do the destination NAT.

[edit security nat destination rule-set NatRule rule WebRule ]
root@srx# show
match {
destination-address 198.18.10.3/32;
destination-port 80
}
then {
destination-nat pool WebServer;
}

So, when a user from internet tries to access http://198.18.10.3, the request comes in to srx from ISP’s device. The ISP device ask for 198.18.10.3’s MAC address. SRX now replies to the ISPs device saying “I got the arp of 198.18.10.3” and sends the MAC address of ge-0/0/0 interface and  srx will now do destination NAT and the request goes to the web server and session establishes. In this way proxy ARP replies to the request of virtual IP eliminating the need for subinetting or adding new switch.

References

1. Configuring Proxy ARP on SRX-series Services Gateways
2. Scenario for configuring Proxy ARP on SRX

Bài liên quan

Configure SYSLOG server for Juniper SRX

JUNOS Software Naming Convention

Cấu hình EX8208 Virtual Chassis

VLAN Difference between Juniper and Cisco Switches

Understanding VLAN Trunking Protocol (VTP) in Cisco Switch

EdgeRouter – Site-to-Site IPsec VPN to Juniper SRX

Cisco Juniper Commands

Configure VRF in Cisco IOS Router

Configure Reth Interface in Junos (SRX)

LINK AGGREGATION – PART 4 (LAG CONFIGURATION ON ALCATEL-LUCENT DEVICES)

Configure MPLS IP on Cisco IOS Router

Setup PPPoE on SRX devices for internet ADSL

Configure HSRP in Cisco IOS Router

Tìm hiểu về IP Access Control Lists trên router Cisco

Configure DHCP Server in Juniper SRX Device

Upgrade and Backup JunOS Image of Juniper SRX Device

Block TOR Application in Juniper SRX

Configure a Cisco Router as a PPPoE Client for DSL connectivity using CLI

Understanding how MPLS Works in Cisco IOS Router

Configure Private VLANs in Juniper Switch

Configure eBGP in Cisco IOS Router

Configure DHCP Server for Multiple VLANs in JunOS

Juniper SRX IPsec LAN-to-LAN VPN Part 2

SRX cluster

Configure Route-based site2site VPN on Juniper SRX

prev next