Solved

How to create a VLAN in Juniper Netscreen 25?

Posted on 2009-05-20
Last Modified: 2012-06-22
I have one trust network with IP 172.16.X.X (LAN1) on interface 1 and an untrust network 212.1.195.11 (Internet access only) on interface 2.
I need to add a new VLAN to the Juniper, 172.15.X.X on interface 3, to connect the new LAN2 to our server in the old LAN1.
Question by:AymanDasa
5 Comments
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 250 total points
ID: 24431097
If you add the IP address 172.15.x.x to interface 3 and make sure both interfaces are in the same zone, they will be able to route to each other. You don't have to create a VLAN to enable communication between both networks.

Post if you have any more questions.
0
 
LVL 2

Assisted Solution

by:sfrancy
sfrancy earned 20 total points
ID: 24434811
Sangamc is correct. Make sure the switch port that you are using to connect your Juniper firewall is set for the right VLAN and is in access mode.
0
 

Author Comment

by:AymanDasa
ID: 24461447
Dear sangamc, sfrancy

My router IP for LAN2 is 172.15.5.1
I created:
eth1 172.16.2.2/16      Trust          -   UP   -
eth2   212.1.195.11/30  Untrust    -   UP   -
eth3  172.15.5.2/16      Trust         -   UP   -
eth4    0.0.0.0/0          Null       -   D   -
Then I tried to ping from the console on the Juniper to my router:

FW-> ping 172.15.5.2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.2, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/2/3 ms

FW-> ping 172.15.5.1
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to 172.15.5.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/2 ms
That's nice news, but the bad news is when I try to ping from LAN1 to the router.

My PC IP is
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.2.32
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.16.2.2
Ping my default gateway:
C:\>ping 172.16.2.2 -n 1
Pinging 172.16.2.2 with 32 bytes of data:
Reply from 172.16.2.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.16.2.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

Ping the other default gateway:
C:\>ping 172.15.5.2 -n 1
Pinging 172.15.5.2 with 32 bytes of data:
Reply from 172.15.5.2: bytes=32 time=1ms TTL=64
Ping statistics for 172.15.5.2:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
Now this is the problem, when I ping the router:

C:\>ping 172.15.5.1 -n 1
Pinging 172.15.5.1 with 32 bytes of data:
Request timed out.
Ping statistics for 172.15.5.1:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
So from the console I can ping 172.15.5.1, but from my LAN1 I cannot?

Is there any policy to add, or another configuration?
0
 
LVL 2

Assisted Solution

by:pradeepg1971
pradeepg1971 earned 230 total points
ID: 24461530

In router put: ip route 172.16.2.0 0.0.0.0 172.15.5.2

In Juniper: trust to trust is allowed by default. Make sure there is no "deny" policy there.
**
Put a policy for trust-trust
source: any
destination: any
service: any
permit and try.
**
Apart from this, you can use policy-based routing if you need different external routes for each range.
0
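
The return-route problem behind the answer above can be modelled with a longest-prefix-match lookup. This is an added example, not code from any thread participant; the router's default route and its placeholder upstream 192.0.2.1 are assumptions, and the /16 prefixes come from the asker's interface listing.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop chosen for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# Constructed routing tables built from the addresses in the thread.
FIREWALL = [
    ("172.16.0.0/16", "connected:eth1"),   # LAN1, firewall is 172.16.2.2
    ("172.15.0.0/16", "connected:eth3"),   # LAN2, firewall is 172.15.5.2
]
# Assumption: the LAN2 router (172.15.5.1) only knows its own subnet
# plus a default route toward some other upstream (placeholder address).
ROUTER_BEFORE = [
    ("172.15.0.0/16", "connected"),
    ("0.0.0.0/0", "192.0.2.1"),
]
# Same router after adding a static route for LAN1 via the firewall.
ROUTER_AFTER = ROUTER_BEFORE + [("172.16.0.0/16", "172.15.5.2")]

def ping_router(router_table, source_ip):
    """True if an echo to 172.15.5.1 from source_ip gets its reply back."""
    # Forward path: the firewall must reach the router on eth3.
    forward_ok = lookup(FIREWALL, "172.15.5.1") == "connected:eth3"
    # Return path: the reply must go on-link or back through the firewall.
    return_hop = lookup(router_table, source_ip)
    return forward_ok and return_hop in ("connected", "172.15.5.2")

if __name__ == "__main__":
    # Console ping is assumed to be sourced from eth3's own address.
    print("console -> router:", ping_router(ROUTER_BEFORE, "172.15.5.2"))
    print("LAN1 PC -> router (no route):", ping_router(ROUTER_BEFORE, "172.16.2.32"))
    print("LAN1 PC -> router (with route):", ping_router(ROUTER_AFTER, "172.16.2.32"))
```
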
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 250 total points
ID: 24461666
Is interface 2 'ping' enabled in service options?

When you create a new LAN in the Juniper, options like SSH, telnet and ping are disabled by default. From the console you will always be able to ping the interface as long as it has an IP and its status is 'up', but from the LAN or the WAN the service option 'ping' needs to be enabled for the IP to respond to ICMP/ping requests.

Let me know if this helps. You can also post a sanitized config from your device for more troubleshooting assistance.
0
