Two Wan links

[How to run the NSM GUI under Mac OS X]

How to run the NSM GUI under Mac OS X
How to setup a route-based VPN on a NetScreen
How to make your PPTP VPN client work through a NetScreen/SSG
Setting up a dial-up VPN and NetScreen Remote
How the Global Zone Works (It's probably not what you think)
How to configure NetScreen/SSG devices to work with the built in Mac OS X VPN client
How to Configure Dial-up VPN with route-based tunnels, XAuth, and use IPSecuritas

[GDSA]

Hi,

Currently I had Two links coming on a single Ethernet cable , One for Internet traffic and Second is MPLS vpn Network for branch offices. Both had separate gateways and Subnets…..

At present it is configured on Cisco 2800 router and two Vlans are configured on Single Wan Interface to separate the traffic of both the network and static routs are configured for the flow of  traffic as required.

But now I am removing the Cisco Router and replacing it with SSG 20 Appliance. But I am getting confused with its options on its Untreated Interfaces and Vlans. I tried to Separate the Traffic by configuring Sub-Interfaces on Wan Port , But it did not worked….

Can any one suggest Best method to Configure SSG 20 and the configuration steps to separate the Wan traffic on a single Interface as done on Cisco Router….

[wpj]

I would use VLAN tags and subinterfaces..

[screenie.]

So would I! But: don' t forget to set the subinterface as outgoing interface for routes, including default route. Otherwise the traffic won't be tagged.

[GDSA]

Thnx for the reply...

i had tried to create the sub interfaces and assign the Routs accordingly. Buy the sub interfaces didnt allowed to send the data outside. Does Sub-Interfaces require some separate licenses to work...?

[screenie.]

No, no additinonal license needed. Did you make sure you created them in the untrust zone? If I recall well trust is the default.

[GDSA]

can u please upload the complete procedure to configure VLANs and Sub interfaces

[Packet7]

Hi,

What version of ScreenOS are you running?  I don't think subinterfaces in the untrust zone is support in 5.x.  However, the C&E for 6.x mentions any zone.

Rgds,

John

[wpj]

I have been able to use subinterfaces in 4.0 code so they have been there

[thebull]

Bro,

I would suggest to create Zone for two Internet connections, which will help you to define the rules and routing.

I will send the link later for configuring zones on interfaces.

[screenie.]

The procedure for a sub int:

set int e1.1 tag 10 zone (un)trust
set int e1.1 ip ..../..

Nothing fancy about it!!

In 5.3 you where allready free to chose any zone for the subint.

•      Forum/Home
•      Store
•      Articles
•        Tech Articles
•        Industry News
•        Site News
•      Knowledgebase
•        JUNOS/Routing
•        NS/ISG/SSG/NSM
•        SSL VPN
•      Downloads

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Submit Article/KB - Do not submit questions here.

[Today]

• Screening Spam by Joe Vallender [Today at 07:03:09 AM]
• Intrazone Policies by mknll [Today at 06:34:20 AM]
• Two ISPs and one DMZ by mulopaari2 [Today at 06:21:05 AM]
• Problem logging into my n... by fujisan [Today at 04:51:24 AM]
• VPN to cisco pix with two... by Watcher60 [Today at 04:38:27 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:30:17 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:29:08 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:27:32 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:25:15 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:22:32 AM]

Members

• Total Members: 22514
• Latest: Deepy

Stats

• Total Posts: 40575
• Total Topics: 11249
• Online Today: 77
• Online Ever: 393
• (August 06, 2008, 07:40:57 AM)

Users Online

Users: 3
Guests: 57
Total: 60

StefanS
federico.basso
mky2