
Understanding my Netscreen 25

I have 9 remote offices, all on subnets (literally 10.20.1.x, 10.20.2.x, and so on).  Each office has a router.  I am trying to understand how these subnets are set up.  I have a router and test computer in my office and would like to set up another subnet in my office for practice.  I believe all the subnets are created and configured in my Netscreen 25 device.  This is certainly a newby question, but I'm responsible for each of these offices and I would like to know how the system is set up before anything goes wrong and I need to fix it.  Secondarily, if anyone knows of introductory material I can read on configuring subnets on Netscreen 25, I would appreciate it.
Asked by: tomcurrier
1 Solution
 
deimark Commented:
NS 25s are almost end of life bud, however, if you can get me the version of screenos you are using I can get some material to help you put this together.

You can get the version number from the CLI by entering "get system".  Near the top will be a screenos version.

If you can also give a quick rundown on the physical interfaces on your NS25 as well please, just a rough idea of how many you have connected and which nets are connected.

If you have remote offices here, I assume you are connecting to them via a VPN, hence allowing the access to the RFC 1918 addresses. Can you tell us a bit about the device on the other end of the VPN please?

DM
 
tomcurrier (Author) Commented:
Thank you

Version of NS25 is 4010 (0), if I read it correctly.  I get this from the WebUI.

There are 2 active Ethernets
Ethernet 1 is Trust with an IP which is the internal IP of the NS itself with a mask of /19
Ethernet 3 is Untrust with one of our External IP's with a mask of /28.

I can see 5 of our 8 remote offices under VPN/AutoKey Advanced/Gateway.  These 5 are listed with External IP's.  I'm guessing these IP's are also on the router at the location and that is how the VPN is set up.  Would that be correct?  As for the other 3 remote offices, I don't see how the connection is established.  My goal is to understand how these VPN's are set up and to be able to set up an additional one.
 
deimark Commented:
OK, that makes more sense now.

Each of your remote offices must have a public address for the NS25 to connect to and set up your VPN.  As each of the offices has its own network, i.e. in the 10.x.x.x range, we need a VPN to allow you to connect to each office securely.

If you can see 5 out of 8 of the offices in the gateway section, the last 3 must be configured in some other way, but the autokey IKE and gateway etc is likely to be the best option for you.

I have attached a VPN config doc for the version of screenos you mention here.  Bear in mind your version is quite old.  The NS25 can run up to Screenos 5.4 and I would certainly recommend going to that if you can.  5.4 has most of the bells and whistles that the latest versions have, along with a much better interface and feature set from what you have at the moment.

The VPN guide attached should give you a bit more info on the VPN set up and what info you need etc to do it, however, if you have any specific questions as to what you are looking to do, then let us know.

DM
ce-v4.pdf
 
tomcurrier (Author) Commented:
Your response was extremely helpful.  Many thanks.