Messages - screenie.

41
NetScreen and SSG/ISG Series Firewalls / Re: SNAT in SSG-140
« on: December 30, 2010, 10:56:10 am »
I'm a bit out of ideas. Maybe combine source and destination natting in policies, let go of MIP and VIP?

42
NetScreen and SSG/ISG Series Firewalls / Re: SNAT in SSG-140
« on: December 28, 2010, 10:21:14 am »
Yes, I was thinking overlapping a MIP with a DIP might be seen as a subnet conflict. Careful when you set ignore, the device stops checking conflicts when configuring it.

43
NetScreen and SSG/ISG Series Firewalls / Re: SNAT in SSG-140
« on: December 28, 2010, 07:45:34 am »
Yes, but it is dirty. Try setting ignore subnet conflict on trust-vr.

44
NetScreen and SSG/ISG Series Firewalls / Re: SNAT in SSG-140
« on: December 27, 2010, 12:22:22 pm »
Can't you define a DIP pool with one address overlapping with the MIP? Never tried.

45
NetScreen and SSG/ISG Series Firewalls / Re: SNAT in SSG-140
« on: December 27, 2010, 08:16:43 am »
Best is to put the second SMTP server on another address with a second MIP and put a second MX record for this in your DNS tables.

46
NetScreen and SSG/ISG Series Firewalls / Re: Reverse Natting ssg140
« on: December 26, 2010, 03:54:55 am »
You can do a range translation, but I never tried what happens with a higher range. Don't know about resource allocation. I think you need a source NAT with a range, reading your description.

PS: just removed the spam post you're answering to in the second post.

47
Switches / Re: Juniper Ex 4200 switch....
« on: December 20, 2010, 05:03:29 pm »
Create two routing tables and place the vlan interfaces in it! That's all I think.

root# show routing-instances
routing-instances
 {
    instance-type virtual-router;
    interface vlan.101;
}

From top level in edit mode: set routing-instances vlan101 instance-type virtual-router interface vlan.101

Repeat for other vlan and commit.

48
NetScreen and SSG/ISG Series Firewalls / Re: Ipsec VPN with MIPS
« on: December 19, 2010, 01:36:30 pm »
It's always the other end, isn't it?

49
SRX Platform and J-series / Re: Proxy IGMP on SRX100
« on: December 19, 2010, 01:34:57 pm »
Hi,

I found something on page 114 in this guide: http://www.juniper.net/techpubs/en_US/junos10.4/information-products/topic-collections/security/software-all/routing/junos-security-swconfig-routing-protocols-and-policies.pdf . On top of this you should add igmp as allowed host-inbound-traffic on zone or interface level, I read somewhere else. Can't give more detailed info I'm afraid, didn't play with it myself.

50
SRX Platform and J-series / Re: STATIC NAT
« on: December 13, 2010, 01:40:41 pm »
You can configure this under security nat static. Set proxy arp and it should work! Don't forget to set security policies as well.

51
SRX Platform and J-series / Re: STATIC NAT
« on: December 08, 2010, 04:27:55 pm »
Destination NAT rules from trust to untrust and proxy arp for .10 .20 .30 should do it, if I understand you well.

52
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS Updates
« on: December 06, 2010, 03:59:22 pm »
Yes: you need a support contract to obtain it legally.

53
If only B is a Juniper you're in trouble. You need to match the proxy-ID to the source addresses in that case, I think.

54
No, that should be it. Only thing to remark is to leave the proxy IDs alone. On route-based Juniper to route-based Juniper you don't fill them in. When both sides are all zeros they match and phase II can party. Don't know what happens when you do use proxy IDs and the source is not within the range of the proxy ID. Interesting to find out!!

55
A needs to set a route to reach C to B, and C needs to set a route to reach A to B. On B you need a policy to allow the traffic. A and C both need to be route-based VPN for this config to work.

56
NetScreen and SSG/ISG Series Firewalls / Re: redundant interface on SSG5
« on: December 02, 2010, 07:50:36 am »
I think only the ISGs and NS 5K support this. Alternative might be L3 redundancy: OSPF with different costs, or VRRP. Didn't try the last one, don't know if it's possible to place two interfaces from one device in a VRRP group.

57
SRX Platform and J-series / Re: Branch series upgrade
« on: November 29, 2010, 04:36:54 pm »
You can force a status per redundancy group. Something like set chassis cluster redundancygroup nr ......
Forgot the exact syntax, no SRX available right now.

58
SRX Platform and J-series / Re: SRX-240 firewalling in routed mode?
« on: November 29, 2010, 04:34:31 pm »
Sure you can. The SRX is, besides a firewall, a feature-rich router! It's all about planning the subnets. Layer2 mode (transparent) is * not * supported.

59
NSM / Re: enabling Multicast in ISG2000 using NSM
« on: November 23, 2010, 03:36:40 pm »
What does a debug flow basic say about this?

60
Routers / Re: Telnet port 25 block NS50
« on: November 23, 2010, 03:31:48 pm »
Set policy from zone to zone any any smtp permit should allow the traffic. Maybe you can post a debug output:

set ff dst-ip <ip smtp server>
debug flow basic
try a connection
undebug all
get db stream
