Solved

How I configure juniper to access internet and branches in the same link?

Posted on 2010-08-16
12
916 Views
Last Modified: 2013-11-16
Hi,

Kindly I have this situation,

CoreSwitch connected to Internet and branches through two links from ISP one for internet by Juniper Firewall and another one to Branches by Cisco Router through MPLS network.

I need to combine the both link in one link. So I need to access the branches and internet through ISP link. And in this case the traffic which going to internet should be nat and the traffic what going to branches should be normal route.

Kindly see attached

This scenario is normal for me in ASA Cisco Firewall using nat control (nat 0) but in juniper it is a new setup for me.

So kindly I need any example with the same scenario using Juniper Firewall.

Best Regards

Juniper-Combine-Link.jpg
0
Comment
Question by:Migo50
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
12 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33451742
>> I need to combine the both link in one link.
I am assuming that you would do away with MPLS as you would now be going through ISP internet link; if such is the case then you can create site-to-site VPN tunnels with remote branches; also remote VPN (if needed).

So all users behind the firewall would get internet through ISP when juniper firewall does NAT; also with site-to-site VPN tunnels users at different location would be able to share network resources as allowed by VPN policy.

If the firewall is a NS/ISG/SSG firewall then please have a look at link below:
http://kb.juniper.net/kb/documents/public/resolution_path/J_FW_VPN_Config_or_Trblsh.htm

Thank you.
0
 

Author Comment

by:Migo50
ID: 33456070
Dear,

The MPLS connection is terminated in ISP side Provider Edge (PE) and there is no MPLS traffic will reach to ISG and the site-to-site VPN is a good idea but it is not scalable idea because I have multiple branches and it will be grown in the future. Already I do it using nating control by Cisco Firewall and I'm looking to do the same concept but using juniper and I'm asking it is available by Juniper firewall to make nating control or not in case of YES are there any example or configuration using ISG to make nating control!!

Thank you
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 350 total points
ID: 33461669
Yes you can configure NAT on ISG; may be look at examples below:
http://kb.juniper.net/KB11909
http://kb.juniper.net/index?page=content&id=TN81&actp=search&searchid=1282110763524

If above is no help; then I would ask you to give some NAT CLIs from your current conf and can provide SOS CLIs.

Thank you.
0
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

 
LVL 32

Expert Comment

by:dpk_wal
ID: 33859888
Need author comment to determine if solution worked on not.

Thank you.
0
 

Author Comment

by:Migo50
ID: 34186710
Sorry and kindly accept my appologize. I need to close the question but faild.
0
 

Author Comment

by:Migo50
ID: 34186723
I want to accept Genius's soultion and thanks for you all, and accept my appoligez again.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34188763
I have objected to my closing recommendation so you can close yourself.

Qlemo
Cleanup Volunteer
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34193643
Hmm do not think "Delete/no refund" should be disposition; you would devoid me of rightful points! :)
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question