How do I configure Juniper to access the internet and branches over the same link?

Hi,

Kindly I have this situation,

The core switch is connected to the Internet and the branches through two links from the ISP: one for Internet via a Juniper firewall, and another to the branches via a Cisco router through an MPLS network.

I need to combine both links into one link, so I need to access the branches and the Internet through the ISP link. In this case, the traffic going to the Internet should be NATed and the traffic going to the branches should be routed normally.

Kindly see attached

This scenario is normal for me on a Cisco ASA firewall using nat control (nat 0), but on Juniper it is a new setup for me.

So kindly, I need an example of the same scenario using a Juniper firewall.

Best Regards

Juniper-Combine-Link.jpg
Migo50 Asked:
dpk_wal Commented:
Yes, you can configure NAT on ISG; maybe look at the examples below:
http://kb.juniper.net/KB11909
http://kb.juniper.net/index?page=content&id=TN81&actp=search&searchid=1282110763524

If the above is no help, then I would ask you to give some NAT CLIs from your current conf and I can provide SOS CLIs.

Thank you.
 
dpk_wal Commented:
>> I need to combine the both link in one link.
I am assuming that you would do away with MPLS as you would now be going through the ISP internet link; if such is the case then you can create site-to-site VPN tunnels with remote branches; also remote VPN (if needed).

So all users behind the firewall would get internet through the ISP when the Juniper firewall does NAT; also, with site-to-site VPN tunnels, users at different locations would be able to share network resources as allowed by VPN policy.

If the firewall is a NS/ISG/SSG firewall then please have a look at link below:
http://kb.juniper.net/kb/documents/public/resolution_path/J_FW_VPN_Config_or_Trblsh.htm

Thank you.
 
Migo50 Author Commented:
Dear,

The MPLS connection is terminated on the ISP-side Provider Edge (PE), and no MPLS traffic will reach the ISG. The site-to-site VPN is a good idea, but it is not a scalable idea because I have multiple branches and the number will grow in the future. I already do this using NAT control on the Cisco firewall, and I'm looking to apply the same concept using Juniper. I'm asking whether NAT control is available on the Juniper firewall or not; if YES, are there any examples or configurations using ISG to do NAT control?

Thank you
 
dpk_wal Commented:
Need author comment to determine if the solution worked or not.

Thank you.
 
Migo50 Author Commented:
Sorry, and kindly accept my apology. I need to close the question but failed.
 
Migo50 Author Commented:
I want to accept Genius's solution, and thanks to you all, and accept my apologies again.
 
Qlemo Developer Commented:
I have objected to my closing recommendation so you can close yourself.

Qlemo
Cleanup Volunteer
 
dpk_wal Commented:
Hmm, I do not think "Delete/no refund" should be the disposition; you would deprive me of rightful points! :)