Solved

How do I configure Juniper to access the internet and branches over the same link?

Posted on 2010-08-16
Last Modified: 2013-11-16
Hi,

I have this situation:

The core switch is connected to the Internet and the branches through two links from the ISP: one for Internet via a Juniper firewall, and another one to the branches via a Cisco router through the MPLS network.

I need to combine both links into one link, so I need to access the branches and the Internet through the ISP link. In this case, the traffic going to the Internet should be NATed and the traffic going to the branches should be routed normally.

Kindly see the attachment.

This scenario is normal for me on a Cisco ASA firewall using nat control (nat 0), but on Juniper it is a new setup for me.

So I need an example of the same scenario using a Juniper firewall.

Best Regards

Juniper-Combine-Link.jpg
Question by:Migo50
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33451742
>> I need to combine the both link in one link.
I am assuming that you would do away with MPLS as you would now be going through ISP internet link; if such is the case then you can create site-to-site VPN tunnels with remote branches; also remote VPN (if needed).

So all users behind the firewall would get internet through the ISP when the Juniper firewall does NAT; also, with site-to-site VPN tunnels, users at different locations would be able to share network resources as allowed by VPN policy.

If the firewall is a NS/ISG/SSG firewall then please have a look at link below:
http://kb.juniper.net/kb/documents/public/resolution_path/J_FW_VPN_Config_or_Trblsh.htm

Thank you.
0
 

Author Comment

by:Migo50
ID: 33456070
Dear,

The MPLS connection is terminated on the ISP-side Provider Edge (PE), and no MPLS traffic will reach the ISG. Site-to-site VPN is a good idea, but it is not a scalable one because I have multiple branches and it will grow in the future. I already do this using NAT control on a Cisco firewall, and I'm looking to apply the same concept using Juniper. I'm asking whether NAT control is available on a Juniper firewall or not; if yes, are there any examples or configurations using ISG to do NAT control?

Thank you
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 1400 total points
ID: 33461669
Yes, you can configure NAT on ISG; maybe look at the examples below:
http://kb.juniper.net/KB11909
http://kb.juniper.net/index?page=content&id=TN81&actp=search&searchid=1282110763524

If the above is no help, then I would ask you to give some NAT CLIs from your current conf and I can provide SOS CLIs.

Thank you.
0
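An added ScreenOS sketch of the selective NAT discussed in this thread, not part of any post above and not taken from the linked KB articles: the inside interface runs in route mode, so source NAT happens only where a policy requests it. Interface names, addresses, address-book names and policy IDs are constructed assumptions; lines starting with `#` are annotations, not commands.

```screenos
# Constructed values:
#   ethernet1/1 = inside (Trust), ethernet1/2 = single ISP link (Untrust)
#   10.1.0.0/16 = head-office LAN, 10.20.0.0/16 = branch networks
#   192.0.2.1   = ISP PE next hop

# Route mode on the inside interface: no automatic interface-based NAT.
set interface ethernet1/1 zone Trust
set interface ethernet1/1 ip 10.1.0.1/16
set interface ethernet1/1 route

set interface ethernet1/2 zone Untrust
set interface ethernet1/2 ip 192.0.2.2/30
set route 0.0.0.0/0 interface ethernet1/2 gateway 192.0.2.1

set address Trust "HO-LAN" 10.1.0.0 255.255.0.0
set address Untrust "Branch-Nets" 10.20.0.0 255.255.0.0

# Policies are evaluated top-down, first match wins.
# 1) Branch traffic: permitted and routed with its original source address.
set policy id 10 from Trust to Untrust "HO-LAN" "Branch-Nets" ANY permit

# 2) Everything else (Internet): source NAT to the egress interface address.
set policy id 20 from Trust to Untrust "HO-LAN" Any ANY nat src permit

# 3) Return direction for branch-initiated sessions. ANY is used only to keep
#    the sketch short; restrict to the services the branches actually need.
set policy id 30 from Untrust to Trust "Branch-Nets" "HO-LAN" ANY permit
```

The no-NAT branch policy must stay above the `nat src` policy, otherwise branch-bound traffic matches the Internet rule first and is translated. `get policy` shows the evaluation order.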

 
LVL 32

Expert Comment

by:dpk_wal
ID: 33859888
Need author comment to determine if solution worked or not.

Thank you.
0
 

Author Comment

by:Migo50
ID: 34186710
Sorry, and kindly accept my apologies. I need to close the question but failed.
0
 

Author Comment

by:Migo50
ID: 34186723
I want to accept Genius's solution, and thanks to you all, and accept my apologies again.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 34188763
I have objected to my closing recommendation so you can close yourself.

Qlemo
Cleanup Volunteer
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34193643
Hmm do not think "Delete/no refund" should be disposition; you would devoid me of rightful points! :)
0


Question has a verified solution.
