Can you ping a VIP?

  • Hi-

    We have a client app (from the Public Internet) that is hitting a public-facing VIP on our netscreen, and various ports are reverse-NAT’d to a bunch of load-balancing IP addresses behind it.

    The problem we have is that the client app is tyring to ping the IP address of the “server” that it is connecting to, which is that VIP.  (It’s using the response info as a lame attempt at providing network performance info to the user).

    After looking through the docs and doing some searching, I’m getting the distinct impression that we can’t enable PING on a VIP.

    I’m also getting the idea that we can’t set up any kind of reverse-NAT for PING, so that if we ping the VIP it’ll forward the ping to one of the servers behind it.  Everything I’ve seen so far says that we can only reverse-NAT a TCP connection… not ICMP ECHO packets.

    Can anyone validate this for me?

    We’ve got 2 Netscreen-205’s running version 5.2

    Thanks in advance.


  • In short: No, you cannot ping a vip.

    Vip’s are portbased forwarding, a 1->many translation. This can only be done on tcp and udp because they are portbased (L4) icmp however is L3 (ip).

    If you want to do that without “spending” a MIP, you must use “nat-destination”