NSRP + BGP

[How to run the NSM GUI under Mac OS X]

How to run the NSM GUI under Mac OS X
How to setup a route-based VPN on a NetScreen
How to make your PPTP VPN client work through a NetScreen/SSG
Setting up a dial-up VPN and NetScreen Remote
How the Global Zone Works (It's probably not what you think)
How to configure NetScreen/SSG devices to work with the built in Mac OS X VPN client
How to Configure Dial-up VPN with route-based tunnels, XAuth, and use IPSecuritas

[10us]

Hi,

I try to find out if we can support redundant fiber (ethernet) access with two SSG-140's and without any routers in front of it. Preferable active/passive. I guess BGP should determine on the outside which node to use, but the inside should be full-mesh for the internal hosts to have a gateway. Somebody understand what I mean? 

Somebody any experience?

Cheers,

Martijn

[MaxPipeline]

Yes, this is all possible.  Refer to Concept and Examples (C&E)guides at www.juniper.net/techpubs/software/screenos/.  In particular review the High Availability guide.

[greg1c]

The SSG 140 running 5.4 code can do active/passive Failover, and with 6.0 you can do Active/Active.  The number of BGP routes is only 2,048 so you more than likely or only taking a default route.  So I would configure one SSG 140 how I wanted it and then add the HA to it.  The Active/Passive means the interfaces on the passive firewall are inactive until the firewall fails or an interface or tracked ip fails.

Greg

[screenie.]

Be carefull to use version 6. In 5.4 bgp (or ospf) is * * not * * synchronised by NSRP.

Then (just thinking about it, never tried it) place two fibre int in both devices. (just install a multiple fibre card in both)

Of course you need a public range of IP adress.

Configure BGP peers for both ISP's, only one works ofcoure, but in failover the otherone will work.
import only 0.0.0.0 export your public IP's, should work.

Becouse of changing outgoing interface sessions will die in failover, so configure a big preempt holddowntime! Also allow I acspect a minute or so for things to work again afterfailover. Just t5est it!

Bye.

•      Forum/Home
•      Store
•      Articles
•        Tech Articles
•        Industry News
•        Site News
•      Knowledgebase
•        JUNOS/Routing
•        NS/ISG/SSG/NSM
•        SSL VPN
•      Downloads

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Submit Article/KB - Do not submit questions here.

[Today]

• www.nikeaaashoes.com.cn s... by kelly110 [Today at 01:58:21 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:55:29 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:53:25 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:52:19 PM]
• www.nikeaaashoes.com.cn s... by kelly110 [Today at 01:49:14 PM]
• www.nikeaaashoes.com.cn s... by kelly110 [Today at 01:42:22 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:23:43 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:21:58 PM]
• www.holesale shoes clothe... by kelly110 [Today at 01:21:15 PM]
• www. nikeaaashoes.com.cn ... by kelly110 [Today at 01:20:08 PM]

Members

• Total Members: 22551
• Latest: barneb01

Stats

• Total Posts: 40719
• Total Topics: 11389
• Online Today: 82
• Online Ever: 393
• (August 06, 2008, 07:40:57 AM)

Users Online

Users: 1
Guests: 48
Total: 49

aweck