Solved

How to create a VLAN in Juniper Netscreen 25?

Posted on 2009-05-20
Last Modified: 2012-06-22
I have one trust network with IP 172.16.X.X (LAN1) on interface 1 and an untrust network 212.1.195.11 (Internet access only) on interface 2.
I need to add a new VLAN to the Juniper, 172.15.X.X on interface 3, to connect the new LAN2 to our server in the old LAN1.
Question by:AymanDasa
5 Comments
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 1000 total points
ID: 24431097
If you add the IP address 172.15.x.x to interface 3 and make sure both interfaces are in the same zone, they will be able to route to each other. You don't have to create a VLAN to enable communication between both networks.

Post if you have any more questions.
0
 
LVL 2

Assisted Solution

by:sfrancy
sfrancy earned 80 total points
ID: 24434811
Sangamc is correct.  Make sure the switch port that you are using to connect your Juniper firewall is set for the right vlan and is in access mode.
0
 

Author Comment

by:AymanDasa
ID: 24461447
Dear sangamc, sfrancy,

My router IP for LAN2 is 172.15.5.1.
I created:
eth1   172.16.2.2/16     Trust     -   UP   -
eth2   212.1.195.11/30   Untrust   -   UP   -
eth3   172.15.5.2/16     Trust     -   UP   -
eth4   0.0.0.0/0         Null      -   D    -
Then I tried to ping from the console in the Juniper to my router:

FW-> ping 172.15.5.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.2, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/2/3 ms

FW-> ping 172.15.5.1
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/2 ms
It's nice news, but the bad news comes when I try to ping from LAN1 to the router.



My PC IP is
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.2.32
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.16.2.2
Ping my default gateway:
C:\>ping 172.16.2.2 -n 1
Pinging 172.16.2.2 with 32 bytes of data:
Reply from 172.16.2.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.16.2.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

Ping the other default gateway:
C:\>ping 172.15.5.2 -n 1
Pinging 172.15.5.2 with 32 bytes of data:
Reply from 172.15.5.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.15.5.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
Now this is the problem, when I ping the router:

C:\>ping 172.15.5.1 -n 1
Pinging 172.15.5.1 with 32 bytes of data:
Request timed out.
Ping statistics for 172.15.5.1:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
So from the console I can ping 172.15.5.1, but from my LAN1 I cannot?

Is there any policy to add, or another configuration?

0
 
LVL 2

Assisted Solution

by:pradeepg1971
pradeepg1971 earned 920 total points
ID: 24461530

In the router put: ip route 172.16.2.0 0.0.0.0 172.15.5.2

In Juniper: trust to trust is allowed by default. Make sure there is no "deny" policy there.
**
Put a policy for trust-trust
source: any
destination: any
service: any
permit and try.
**
Apart from this, you can use policy-based routing if you need different external routes for each range.
0
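
A routing-only model of the pings in this thread, added here as an example and not code from any poster: it shows why the console ping succeeds while the LAN1 ping loses its reply when the router has no route back to 172.16.0.0/16. The router's route table (connected network only) is an assumption, and firewall policy and the interface ping service are not modelled.

```python
import ipaddress

# Constructed model of the thread's topology. The router's table (connected
# network only) is an assumption; the thread never shows it.
ROUTES = {
    "pc": [("172.16.0.0/16", None), ("0.0.0.0/0", "172.16.2.2")],
    "firewall": [("172.16.0.0/16", None), ("172.15.0.0/16", None)],
    "router": [("172.15.0.0/16", None)],
}
OWNER = {"172.16.2.32": "pc", "172.16.2.2": "firewall",
         "172.15.5.2": "firewall", "172.15.5.1": "router"}

def next_hop(device, dst):
    """Longest-prefix match: gateway IP, dst itself if on-link, else None."""
    best = None
    for prefix, gw in ROUTES[device]:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (
                best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (best[1] or dst)

def deliver(device, dst, max_hops=8):
    """Forward hop by hop; return (delivered, device where the packet stopped)."""
    for _ in range(max_hops):
        if OWNER.get(dst) == device:
            return True, device
        hop = next_hop(device, dst)
        if hop not in OWNER:        # no route, or next hop unknown
            return False, device
        device = OWNER[hop]
    return False, device

def ping(src, dst):
    """Echo request, then echo reply sourced from the device that owns dst."""
    ok, where = deliver(OWNER[src], dst)
    if not ok:
        return f"request dropped at {where}"
    ok, where = deliver(where, src)
    return "reply received" if ok else f"reply dropped at {where}"

if __name__ == "__main__":
    print(ping("172.15.5.2", "172.15.5.1"))   # firewall console -> router
    print(ping("172.16.2.32", "172.15.5.2"))  # LAN1 PC -> firewall eth3
    print(ping("172.16.2.32", "172.15.5.1"))  # LAN1 PC -> router
    # Assumed fix: static route on the router covering LAN1 via the firewall.
    ROUTES["router"].append(("172.16.0.0/16", "172.15.5.2"))
    print(ping("172.16.2.32", "172.15.5.1"))
```

The console ping is sourced from 172.15.5.2, which the router sees as on-link, so it never exercises the return route that the LAN1 ping depends on.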
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 1000 total points
ID: 24461666
Is interface 2 'ping' enabled in service options?

When you create a new LAN in the Juniper, options like SSH, telnet and ping are disabled by default. From the console you will always be able to ping the interface as long as it has an IP and its status is 'up', but from the LAN or the WAN the service option 'ping' needs to be enabled for the IP to respond to ICMP/ping requests.

Let me know if this helps. You can also post a sanitized config from your device for more troubleshooting assistance.
0
