Solved

How to create VLAN in Juniper Netscreen 25?

Posted on 2009-05-20
Last Modified: 2012-06-22
I have one trust network with IP 172.16.X.X (LAN1) on interface 1 and an untrust network 212.1.195.11 (Internet access only) on interface 2.
I need to add a new VLAN to the Juniper, 172.15.X.X on interface 3, to connect the new LAN2 to our server in the old LAN1.
Question by:AymanDasa
5 Comments
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 1000 total points
ID: 24431097
If you add the IP address 172.15.x.x to interface 3 and make sure both interfaces are in the same zone, they will be able to route to each other. You don't have to create a VLAN to enable communication between both networks.

Post if you have any more questions.
0
 
LVL 2

Assisted Solution

by:sfrancy
sfrancy earned 80 total points
ID: 24434811
Sangamc is correct.  Make sure the switch port that you are using to connect your Juniper firewall is set for the right vlan and is in access mode.
0
 

Author Comment

by:AymanDasa
ID: 24461447
Dear sangamc, sfrancy

My router IP for LAN2 is 172.15.5.1
I created:
eth1 172.16.2.2/16      Trust          -   UP   -
eth2   212.1.195.11/30  Untrust    -   UP   -
eth3  172.15.5.2/16      Trust         -   UP   -
eth4    0.0.0.0/0          Null       -   D   -
Then I tried to ping from the console in the Juniper to my router

FW-> ping 172.15.5.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.2, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/2/3 ms

FW-> ping 172.15.5.1
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/2 ms
It's nice news, but the bad news is when I try to ping from LAN1 to the router.

My PC IP is
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.2.32
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.16.2.2
Ping my default gateway
C:\>ping 172.16.2.2 -n 1
Pinging 172.16.2.2 with 32 bytes of data:
Reply from 172.16.2.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.16.2.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

Ping the other default gateway
C:\>ping 172.15.5.2 -n 1
Pinging 172.15.5.2 with 32 bytes of data:
Reply from 172.15.5.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.15.5.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
Now this is the problem when I ping the router

C:\>ping 172.15.5.1 -n 1
Pinging 172.15.5.1 with 32 bytes of data:
Request timed out.
Ping statistics for 172.15.5.1:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
So from the console I can ping 172.15.5.1 but from my LAN1 I cannot?

Is there any policy to add or another configuration?
0
 
LVL 2

Assisted Solution

by:pradeepg1971
pradeepg1971 earned 920 total points
ID: 24461530

In router put: ip route 172.16.2.0 0.0.0.0 172.15.5.2

In Juniper: trust to trust is allowed by default. Make sure there is no "deny" policy there.
**
Put policy for trust -trust
source:any
destination:any
service:any
permit and try.
**
Apart from this, you can use policy-based routing if you need different external routes for each range.
0
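Why the console ping succeeds while the LAN1 ping times out, as an added example that is not part of any post in this thread: the script checks the forward route at the firewall and the return route at the router for each ping. The router's routing table is an assumption (connected network only, no default route via the firewall), and the static route is written with the /16 mask shown on eth1 in the listing above.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs.
    next_hop None means the network is directly connected."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

# Constructed routing tables built from the addresses in the thread.
FIREWALL = [("172.16.0.0/16", None),   # eth1, Trust
            ("172.15.0.0/16", None)]   # eth3, Trust
# Assumption: the LAN2 router only knows its own connected network.
ROUTER_BEFORE = [("172.15.0.0/16", None)]
# Same router after a static route back to LAN1 via the firewall's eth3 address.
ROUTER_AFTER = ROUTER_BEFORE + [("172.16.0.0/16", "172.15.5.2")]

def check_ping(src, dst, forward_table, reply_table):
    """The echo request needs a route to dst on the forwarding device;
    the echo reply needs a route back to src on the replying device."""
    if lookup(forward_table, dst) is None:
        return "no forward route"
    if lookup(reply_table, src) is None:
        return "no return route"
    return "ok"

def diagnose():
    cases = [
        # A ping from the firewall console is sourced from eth3 (172.15.5.2).
        ("console -> router", "172.15.5.2", ROUTER_BEFORE),
        ("LAN1 PC -> router", "172.16.2.32", ROUTER_BEFORE),
        ("LAN1 PC -> router, static route added", "172.16.2.32", ROUTER_AFTER),
    ]
    return {name: check_ping(src, "172.15.5.1", FIREWALL, table)
            for name, src, table in cases}

if __name__ == "__main__":
    for name, result in diagnose().items():
        print(f"{name}: {result}")
```
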
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 1000 total points
ID: 24461666
Is interface 2 'ping' enabled in service options?

When you create a new LAN in the Juniper, options like ssh, telnet and ping are disabled by default. From the console you will always be able to ping the interface as long as it has an IP and is status 'up', but from the LAN or the WAN the service option 'ping' needs to be enabled for the IP to respond to ICMP/ping requests.

Let me know if this helps. You can also post a sanitized config from your device for more troubleshooting assistance.
0


Question has a verified solution.
