• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2338
  • Last Modified:

Hoew to creat VLAN in Juniper Netscreen 25?

I have one trust network with IP 172.16.X.X (LAN1) interface 1 and untrust network 212.1.195.11 (Internet access only) interface 2
i need to add new vlan to the juniper 172.15.X.X in interface 3 to connect the new LAN2 to our server in the old LAN1
0
AymanDasa
Asked:
AymanDasa
4 Solutions
 
Sanga CollinsSystems AdminCommented:
If add the ip address 172.15.x.x to interface 3 and make sure both interfaces are in the same zone. They will be able to route to each other. You don't have to create a vlan to enable communication between both networks.

Post if you have any more questions.
0
 
sfrancyCommented:
Sangamc is correct.  Make sure the switch port that you are using to connect your Juniper firewall is set for the right vlan and is in access mode.
0
 
AymanDasaAuthor Commented:
Dear sangamc , sfrancy

my router IP for LAN2 is 172.15.5.1
I create
eth1 172.16.2.2/16      Trust          -   UP   -
eth2   212.1.195.11/30  Untrust    -   UP   -
eth3  172.15.5.2/16      Trust         -   UP   -
eth4    0.0.0.0/0          Null       -   D   -
thin I try to ping from console in Juniper to my router

FW-> ping 172.15.5.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.2, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/2/3 ms

FW-> ping 172.15.5.1
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/2 ms
its nice news but the bad news when I try to ping from LAN1 to router



My PC IP is
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.2.32
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.16.2.2
ping my default getaway
C:\>ping 172.16.2.2 -n 1
Pinging 172.16.2.2 with 32 bytes of data:
Reply from 172.16.2.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.16.2.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

ping the other default getaway
C:\>ping 172.15.5.2 -n 1
Pinging 172.15.5.2 with 32 bytes of data:
Reply from 172.15.5.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.15.5.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
now this is the problem whein I ping the router

C:\>ping 172.15.5.1 -n 1
Pinging 172.15.5.1 with 32 bytes of data:
Request timed out.
Ping statistics for 172.15.5.1:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
so from console I can ping 172.15.5.1 but from my LAN1 I cannot?

their any policy to add or another configuration?





0
 
pradeepg1971Commented:

In router put: ip route 172.16.2.0 0.0.0.0 172.15.5.2

In Juniper:trust to trust is allowed by default. make sure no "deny" policy there.
**
Put policy for trust -trust
source:any
destination:any
service:any
permit and try.
**
Apart from this you can use policy based routing if you  need different external routes for each range.
0
 
Sanga CollinsSystems AdminCommented:
is interface 2 'ping' enabled in service options?

when you create a new LAN in the juniper, options like ssh, telnet and ping are disabled bu default. form the console you will always be able to ping the interface as long as it has an ip and is status 'up', but from the LAN or the WAN service option 'ping' needs to be enabled for the ip to respond to icmp/ping requests.

let me know if this helps. you can also post a  sanitized config from your device for more trouble shooting assistance.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now