Solved

Hoew to creat VLAN in Juniper Netscreen 25?

Posted on 2009-05-20
5
2,285 Views
Last Modified: 2012-06-22
I have one trust network with IP 172.16.X.X (LAN1) interface 1 and untrust network 212.1.195.11 (Internet access only) interface 2
i need to add new vlan to the juniper 172.15.X.X in interface 3 to connect the new LAN2 to our server in the old LAN1
0
Comment
Question by:AymanDasa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 250 total points
ID: 24431097
If add the ip address 172.15.x.x to interface 3 and make sure both interfaces are in the same zone. They will be able to route to each other. You don't have to create a vlan to enable communication between both networks.

Post if you have any more questions.
0
 
LVL 2

Assisted Solution

by:sfrancy
sfrancy earned 20 total points
ID: 24434811
Sangamc is correct.  Make sure the switch port that you are using to connect your Juniper firewall is set for the right vlan and is in access mode.
0
 

Author Comment

by:AymanDasa
ID: 24461447
Dear sangamc , sfrancy

my router IP for LAN2 is 172.15.5.1
I create
eth1 172.16.2.2/16      Trust          -   UP   -
eth2   212.1.195.11/30  Untrust    -   UP   -
eth3  172.15.5.2/16      Trust         -   UP   -
eth4    0.0.0.0/0          Null       -   D   -
thin I try to ping from console in Juniper to my router

FW-> ping 172.15.5.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.2, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/2/3 ms

FW-> ping 172.15.5.1
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/2 ms
its nice news but the bad news when I try to ping from LAN1 to router



My PC IP is
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.2.32
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.16.2.2
ping my default getaway
C:\>ping 172.16.2.2 -n 1
Pinging 172.16.2.2 with 32 bytes of data:
Reply from 172.16.2.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.16.2.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

ping the other default getaway
C:\>ping 172.15.5.2 -n 1
Pinging 172.15.5.2 with 32 bytes of data:
Reply from 172.15.5.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.15.5.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
now this is the problem whein I ping the router

C:\>ping 172.15.5.1 -n 1
Pinging 172.15.5.1 with 32 bytes of data:
Request timed out.
Ping statistics for 172.15.5.1:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
so from console I can ping 172.15.5.1 but from my LAN1 I cannot?

their any policy to add or another configuration?





0
 
LVL 2

Assisted Solution

by:pradeepg1971
pradeepg1971 earned 230 total points
ID: 24461530

In router put: ip route 172.16.2.0 0.0.0.0 172.15.5.2

In Juniper:trust to trust is allowed by default. make sure no "deny" policy there.
**
Put policy for trust -trust
source:any
destination:any
service:any
permit and try.
**
Apart from this you can use policy based routing if you  need different external routes for each range.
0
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 250 total points
ID: 24461666
is interface 2 'ping' enabled in service options?

when you create a new LAN in the juniper, options like ssh, telnet and ping are disabled bu default. form the console you will always be able to ping the interface as long as it has an ip and is status 'up', but from the LAN or the WAN service option 'ping' needs to be enabled for the ip to respond to icmp/ping requests.

let me know if this helps. you can also post a  sanitized config from your device for more trouble shooting assistance.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question