
I have a situation like the one below:

[image]

I have only "14.14.14.0/30", which is currently configured between "SRX300" and "ISP MUX", and we're in the process of migrating from the 4th floor to the ground floor.

Without interrupting the operational work on the 4th floor, is it possible to build the traffic flow from "Ground floor" to "ISP MUX" on the same IP address?

I think there might be ARP issues if I go ahead. Can you please suggest how to make this work?

Thanks!!

  • That looks doable - what problems do you have? Have you got multiple public IP addresses or just one?
    – Zac67
    Commented Jun 17 at 18:53
  • We only got a "/30" range; details are in the question diagram.
    Commented Jun 22 at 18:12

1 Answer

You can't use your single public IP address in multiple places. If you can't get more addresses, you need to run the PA with private addresses throughout and put it 'behind' the SRX:

  1. Remove the WAN/ISP VLAN from the PA.
  2. Create a new VLAN on the switches for the link between the SRX and the PA. Connect only those two routers to it. Set up private IP addresses between the SRX and PA.
  3. It's reasonable to only use source NAT on the SRX uplink, so remove it from the PA.
  4. On the SRX, create a static route for the private LAN behind the PA.
  5. Point the PA's default route to the SRX.
  6. Create rules on both firewalls to permit the desired traffic (LAN to Internet, LAN to LAN, ...).
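
The SRX side of steps 2, 4 and 6, plus the source NAT from step 3, sketched in Junos set commands as an added example that is not part of the original answer. The interface `ge-0/0/2`, the zone names `pa-transit`, `trust` and `untrust`, the transit subnet `10.255.255.0/30`, the ground-floor LAN `10.20.0.0/24`, the 4th-floor LAN `10.10.0.0/24` and all rule and policy names are assumptions to be replaced with your own values; the PA-side changes (steps 1, 3 and 5) are not shown.

```junos
# Added example: every name, interface and prefix below is an assumption.

# Step 2: private transit link SRX <-> PA on its own VLAN and its own zone
set interfaces ge-0/0/2 unit 0 description "transit to PA (ground floor)"
set interfaces ge-0/0/2 unit 0 family inet address 10.255.255.1/30
set security zones security-zone pa-transit interfaces ge-0/0/2.0
set security zones security-zone pa-transit host-inbound-traffic system-services ping

# Step 4: static route for the private LAN behind the PA (PA is 10.255.255.2)
set routing-options static route 10.20.0.0/24 next-hop 10.255.255.2

# Step 3: source NAT happens only on the SRX uplink, using the single public
# address on the ISP-facing interface (assumed to sit in zone "untrust")
set security nat source rule-set pa-to-isp from zone pa-transit
set security nat source rule-set pa-to-isp to zone untrust
set security nat source rule-set pa-to-isp rule ground-lan match source-address 10.20.0.0/24
set security nat source rule-set pa-to-isp rule ground-lan then source-nat interface

# Address objects referenced by the policies
set security address-book global address ground-lan 10.20.0.0/24
set security address-book global address floor4-lan 10.10.0.0/24

# Step 6: LAN to Internet for the ground floor
set security policies from-zone pa-transit to-zone untrust policy ground-to-internet match source-address ground-lan
set security policies from-zone pa-transit to-zone untrust policy ground-to-internet match destination-address any
set security policies from-zone pa-transit to-zone untrust policy ground-to-internet match application any
set security policies from-zone pa-transit to-zone untrust policy ground-to-internet then permit

# Step 6: LAN to LAN, ground floor -> 4th floor (add the reverse policy only if needed)
set security policies from-zone pa-transit to-zone trust policy ground-to-floor4 match source-address ground-lan
set security policies from-zone pa-transit to-zone trust policy ground-to-floor4 match destination-address floor4-lan
set security policies from-zone pa-transit to-zone trust policy ground-to-floor4 match application any
set security policies from-zone pa-transit to-zone trust policy ground-to-floor4 then permit
```

Narrow `match application any` to the services actually required, and use `commit confirmed` so a mistake on the production SRX rolls back on its own.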
