Addiing a route to a Netscreen -5

See attachment
4.JPG

the routing between each subnet is created automaticaly. as long as they are both in the same zone, you should have no problem communicating between the two. I noticed that you are using a very old version of screenOS. It has been several years since i used that version. You may want to upgrade to verzion 5.0 at the least so you can get maximum functionality out of your device

What do you mean by the same zone? I have 2 Netscreen -5 routers. One for each network.

Sorry, my question might be confusing. 2 seperate networks, 2 seperate routers.

.2 network and .3 network

the netscreen has security zones: trust, untrust, and others you can create. As long as two interfaces on the same netscreen are in the same zone, you can send traffic between them. The route statements will be automatically added.

if your route statements are not automatically added, the only reason i can think of is the version of your screenOS device firmwre

Two Netscreen routers, not one.

Are the two devices connected through the LAN? or is the only connection via the WAN (DSL & comcast)?

if the only connection is through the WAN. you will need to create a VPN tunnel between the two netscreens. you can then create a route statement on each device pointing the destination LAN ip to the tunnel interface to route traffic to the correct location

No, they both plug into the same switch inside the building.

Seems like I would just need to add a route to the .2 pointing to the .3 no?

ok if both devices are plugged into the same switch from their trust ports, what id do is create a subinterface on each device with an ip address on the destination network.

so for device 1 with 192.168.2.0---------with gateway 192.168.2.254, i would create a subinterface with the ipaddress of 192.168.3.50, subnet 255.255.255.0, gateway, 192.168.3.254

i would do the reverse on the other device.

this will put each juniper on the corresponding junipers network allowing traffic to pass through

@zen, thanks for that, the route statement would be needed in addition to a sub interface.

so subinterface should be 192.168.3.50/32 (very important to make it 32bit)
and route statement should be 192.168.3.0/24, destination>subinterface

hmmmm, interesting. Why won't adding a route work, just curious.

trust interface on junipers are usually in NAT mode, and the untrust interface in route mode. id have to test it to be absolutely sure, but i believe the trust would have to be changed to route mode for this to work. that would then break other portions of the setup like Mapped ips, vips, and.or vpn routing if there is any

I dont see an option to create a sub interface. Virtual ip?

i fired up an ns5gt with version 4.0 firmware and indeed that option is not there. i will attempt to find a way to replicate your setup in my office lab and see if there is another way to solve your problem. if you do have the option ... upgrading for version 5 screenOS will make a huge difference. it is literrally night and day in comparison

And I very much appreciate your help! Where can i get ahold of the updated os? Will it break the configuration? We do VPN between home office and this remote.

Would it be easier to just subnet the 192.168.1.2 network ?

Thank you very much!