2 Subnets on 1 Interface w/ NetScreen 25

Posted on 2006-05-31
Medium Priority
Last Modified: 2008-02-01
Hi, I'm running a NetScreen 25 w/ 5.3r2 software.

I have an existing subnet from my ISP that we outgrew. The ISP assigned us an additional subnet because no adjacent subnets are available. We have to keep both subnets because we have a ton of production equipment on the original subnet.

We have talked to Juniper and they told us this is possible using a Sub-Interface, but we haven't got it to work yet. The problem is I cannot find any documentation to provide me with details as to how it works.

As it stands now I have a sub-if with an IP on the new subnet. When I try to assign an address from the new subnet to a device, the device is unable to ping anything. Not the gateway, not another device on the same subnet, not a device on the original subnet, and not on the internet. I think the problem must be an issue with the firewall understanding the subnet or maybe even a policy issue.

Thanks in advance,
Question by:newgentechnologies

Expert Comment

ID: 16811750
can't you just use an additional port on the 25?
like have 2 ports trust 2 ports untrust?

are we talking class c or b addresses? what's the subnet mask and 3rd octet?

Author Comment

ID: 16812286
No, we need the other ports for other purposes and need both subnets accessible in the same zone.

Accepted Solution

jabiii earned 2000 total points
ID: 16812410
I'm not real sure which would be better for you, a secondary IP, or subinterface. But go to the Support page, and under technical docs, download the ce-all.pdf (Concepts & Examples ScreenOS Reference Guide: All volumes combined).

set int eth1.3 zone untrust
set int eth1.3 ip x.x.x.x/24 tag 3

basically it's interfaceDOT# and the rest is the same as if it were a physical

Author Comment

ID: 16812429
I have sub interface ethernet2.1 which is in my DMZ zone along with my first subnet, and the link status is ready.

That's why I'm wondering if there's something to do with my policies or something.

Author Comment

ID: 16812564
The issue was that I should have been using a second IP not a sub interface.

Thanks jabiii

Expert Comment

ID: 16815921
cool :) glad you got it working, sorry I didn't respond to you afterwards, I had already left hehe
