Understanding my Netscreen 25

Posted on 2009-02-09
Last Modified: 2013-11-16
I have 9 remote offices, all on subnets (literally 10.20.1.x, 10.20.2.x, and so on).  Each office has a router.  I am trying to understand how these subnets are set up.  I have a router and test computer in my office and would like to set up another subnet in my office for practice.  I believe all the subnets are created and configured in my Netscreen 25 device.  This is certainly a newbie question, but I'm responsible for each of these offices and I would like to know how the system is set up before anything goes wrong and I need to fix it.  Secondarily, if anyone knows of introductory material I can read on configuring subnets on Netscreen 25, I would appreciate it.
Question by:tomcurrier
    LVL 18

    Expert Comment

    NS 25s are almost end of life bud, however, if you can get me the version of ScreenOS you are using I can get some material to help you put this together.

    You can get the version number from the CLI by entering "get system".  Near the top will be a ScreenOS version.

    If you can also give a quick rundown on the physical interfaces on your NS25 as well please, just a rough idea of how many you have connected and which nets are connected.

    If you have remote offices here, I assume you are connecting to them via a VPN, hence allowing the access to the RFC 1918 addresses. Can you tell us a bit about the device on the other end of the VPN please?


    Author Comment

    Thank you

    Version of NS25 is 4010 (0), if I read it correctly.  I get this from the WebUI.

    There are 2 active Ethernets
    Ethernet 1 is Trust with an IP which is the internal IP of the NS itself with a mask of \19
    Ethernet 3 is Untrust with one of our External IPs with a mask of \28.

    I can see 5 of our 8 remote offices under VPN/AutoKey Advanced/Gateway.  These 5 are listed with External IPs.  I'm guessing these IPs are also on the router at the location and that is how the VPN is set up.  Would that be correct?  As for the other 3 remote offices, I don't see how the connection is established.  My goal is to understand how these VPNs are set up and to be able to set up an additional one.
    LVL 18

    Accepted Solution

    OK, that makes more sense now.

    Each of your remote offices must have a public address for the NS25 to connect to and set up your VPN.  As each of the offices has its own network, i.e. in the 10.x.x.x range, we need a VPN to allow you to connect to each office securely.

    If you can see 5 out of 8 of the offices in the gateway section, the last 3 must be configured in some other way, but the autokey IKE and gateway etc. is likely to be the best option for you.

    I have attached a VPN config doc for the version of ScreenOS you mention here.  Bear in mind your version is quite old.  The NS25 can run up to ScreenOS 5.4 and I would certainly recommend going to that if you can.  5.4 has most of the bells and whistles that the latest versions have, along with a much better interface and feature set than what you have at the moment.

    The VPN guide attached should give you a bit more info on the VPN set up and what info you need etc to do it, however, if you have any specific questions as to what you are looking to do, then let us know.


    Author Closing Comment

    Your response was extremely helpful.  Many thanks.
