Krocodile
asked on
Configuration help with Juniper SSG 20!
I am looking for some troubleshooting and configuration help on a Juniper Netscreen SSG 20. Here is my setup. I have a 2wire DSL modem provided by Qwest assigned a block of 8 (5 useable) static IP's. The 2wire is configured in un-numbered mode so that the public IP's can be assigned to other devices on the network that are plugged into the 2wire's switch. The 2wire automatically was given the gateway address of my static block. Plugged into the 2wire's switch is the Juniper Netscreen SSG 20, and in the configuration it is assigned one of the static IP's from my block on the Ethernet 0/0, and Ethernet 0/0 is plugged into one of the switch ports on the 2wire. Ethernet 0/0 is assigned to UNTRUST, and I have assigned Ethernet 0/1 0/2 0/3 to be part of a TRUST group called BGROUP0, and BGROUP0 is assigned a private IP address on my network. Also Ethernet 0/1, which is part of the BGROUP0, has a cable plugged from that port into a port on my network switch.
Now to my issue. With the configuration the way it is, I am able to browse the internet fine through the Juniper. However I created a policy (under the configuration Policies in the Juniper), that is supposed to take traffic from one of my other static IP addresses on the 2wire that is assigned to my block of 5 useable, and pass it through to one of the servers on my private network switch. The policy reads as such:
Untrust - 70.56.x.201/29 to Trust - 10.34.x.240/24 allow RDP,SMTP,POP3.
However, when I try to access the server using RDP from the outside, or SMTP for that matter, there is nothing. It would appear that the Juniper is not letting traffic pass from the Ethernet0/0 port into the Ethernet 0/1 port (or BGROUP0) into the private network. Even if I modify the policy to use any of the 5 useable static IP addresses I have been assigned, it still does not work so it's not specific to one IP.
Something I forgot to mention that is also part of my config. The PC's, and server's, instead of using the Juniper as it's default gateway, are using a Cisco 1700. In the configuration of the Cisco 1700, there is a route command that is passing traffic from the Cisco to the Juniper. The Cisco is mainly used for a T1 P2P between a remote office and ours.
One thing I should mention that I did as a troubleshooting step that's really got me baffled. Just out of curiousity, I went to whatismyip.com on one of my server's, and that server showed it was using 70.56.x.203 as it's IP address it is communicating out of. However, when I did the same from another server on the same network, whatismyip.com said I was using 70.56.x.201. I thought that a policy in the Juniper might have been causing this so I removed any policies I created, and this particular server still showed that IP address. Also like the Juniper has a one to one NAT statement, but I was unable to find this.
At this time, bottom line, no port porwarding is occurring, and we host our own email. So at this time we have a completely down email server and I need to find a solution immediately. Thank you very much for your assistance or any you can give, and please let me know if you need more information!
Now to my issue. With the configuration the way it is, I am able to browse the internet fine through the Juniper. However I created a policy (under the configuration Policies in the Juniper), that is supposed to take traffic from one of my other static IP addresses on the 2wire that is assigned to my block of 5 useable, and pass it through to one of the servers on my private network switch. The policy reads as such:
Untrust - 70.56.x.201/29 to Trust - 10.34.x.240/24 allow RDP,SMTP,POP3.
However, when I try to access the server using RDP from the outside, or SMTP for that matter, there is nothing. It would appear that the Juniper is not letting traffic pass from the Ethernet0/0 port into the Ethernet 0/1 port (or BGROUP0) into the private network. Even if I modify the policy to use any of the 5 useable static IP addresses I have been assigned, it still does not work so it's not specific to one IP.
Something I forgot to mention that is also part of my config. The PC's, and server's, instead of using the Juniper as it's default gateway, are using a Cisco 1700. In the configuration of the Cisco 1700, there is a route command that is passing traffic from the Cisco to the Juniper. The Cisco is mainly used for a T1 P2P between a remote office and ours.
One thing I should mention that I did as a troubleshooting step that's really got me baffled. Just out of curiousity, I went to whatismyip.com on one of my server's, and that server showed it was using 70.56.x.203 as it's IP address it is communicating out of. However, when I did the same from another server on the same network, whatismyip.com said I was using 70.56.x.201. I thought that a policy in the Juniper might have been causing this so I removed any policies I created, and this particular server still showed that IP address. Also like the Juniper has a one to one NAT statement, but I was unable to find this.
At this time, bottom line, no port porwarding is occurring, and we host our own email. So at this time we have a completely down email server and I need to find a solution immediately. Thank you very much for your assistance or any you can give, and please let me know if you need more information!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thank you! am happy I was able to help. :)
ASKER