Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - screenie.

Pages: [1]
1
NetScreen and SSG/ISG Series Firewalls / To nat travers or not
« on: August 30, 2008, 03:52:36 pm »
Hi,

Since mindwise is active again here I've got a nice question I think. Ofcourse I'm happy with anybody else's answer to!

A collegue of mine configured a VPN between his home and his hoby site, let's name it baywatch.

Both side SSG5/20 running 6.1r2.

Baywatchside has ADSL with Nating and portforwarding everything to firewall. Homeside is Cable so public IP on firewall.

VPN was configured ok, routebased with nat traversal enabled.

VPN's didn't come up. I debugged. Saw on home side messages with no user defined for VPN. Strange ofcourse because both side used static IP as auth. method. I debuged ike and saw the correct IP was comming in but not matched in config. Disabling NAT traversal resulted in the VPN comming up from baywatch to home. Not otherway around.

So enbled monitoring with rekey on BW side and VPN works.

But I can't explain the behaviour! Might ba a bug I think!

Who can explain this?

2
NetScreen and SSG/ISG Series Firewalls / Netscreen remote: active before login?
« on: June 24, 2008, 01:07:17 pm »
Hi,

does anyone know wether or not it's possible to activate Netscreen Remote with X-auth authentication before login in to the system?

3
Remote Access SSL VPN/UAC/MAG, Pulse, and SBR / Exam topics
« on: May 30, 2008, 08:35:17 am »
Hi,

I want to take the SSL specialist exam soon. Of course I know from the website what the covered topics are, but has anybody taken this exam yet and willing to tell what topics I should study most on ?  :-D

4
NetScreen and SSG/ISG Series Firewalls / Interface monitoring option in clusterconfig
« on: February 20, 2008, 07:05:50 am »
Hi,

in cases with Dual ISP I allways advise our customers to use monitoring and configure
tracking to upstream ISP device. This works well, interface goes down when upstream
connections fails.
Now I have a customer how wants this on two SSG 20's with extended license in cluster.
The option isn't there on interface when you enable clustering!. Of course you can do IP
tracking for a cluster failover, but that's not what I want. When the connection to an ISP
fails I want to deactivate the routes to this ISP and move to the fallback ISP routes.
Has anyone configured something like this? 

BTW its on SSG20 as I said with 5.4r8. I simulated it and the monitoring tab on int e0 disapears when you enable clustering.


5
DX, WX, and WXC platforms / Important DX info: EOL
« on: January 23, 2008, 07:35:42 am »
http://www.networkworld.com/news/2008/012208-juniper-app-acceleration-gear.html?nlhtspec=ts_012208&nladname=012208specialnl


6
Routers / ECMP in Junos ?
« on: January 10, 2008, 07:35:48 am »
Hi,

does anybody know if ECMP is available in JUNOS like in ScreenOS? If so how to enable it?

greetings,

7
Non-network / happy newyear!
« on: December 31, 2007, 06:05:33 pm »
I wish all my fellow juniper professionals a very happy and bug-free 2008!

Pages: [1]