Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Juniper netscreen-25

Posted on 2011-03-18
4
827 Views
Last Modified: 2013-11-16
Hello,

I am trying to pass a port through from 1025 from the outside to 25 on the inside.  I'm trying this either from the CLI or GUI.

Thanks
0
Comment
Question by:mahrens007
  • 2
  • 2
4 Comments
 
LVL 69

Expert Comment

by:Qlemo
ID: 35168299
You need to create a custom service for port 1025, then go into your Untrust interface and add a VIP service with that custom port, the private IP and the mapped port (25).
Then create a "permit" policy Untrust->Trust having "VIP" as destination and "any" as service (or choose the custom service for 1025 if you like).
0
 
LVL 6

Author Comment

by:mahrens007
ID: 35168577
Do you have a screen shot or an example I can follow?
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 35171713
Sorry, I was wrong with my previous post, regarding having to use a custom service.

Here is a simplified example for CLI. eth0/2 is the Untrust interface, 192.168.1.1 your internal server:
set interface ethernet0/2 vip interface-ip 1025 "SMTP" 192.168.1.1 manual
set policy top name "SMTP in"  from Untrust to Trust "Any-IPv4" "VIP(ethernet0/2)" any permit log count

Open in new window

That will allow any VIP service you create to connect (because of the "any" in the policy). That is more flexible, since you would only have to add another VIP service to your interface to get access.
If you want a more restricted setup, which is not necessary here, you would have to define a custom service for 1025, and provide that one instead of "any" service in the policy.

Doing above in the WebGUI is straightforward, since you can almost exactly follow the command from left to right when going thru the WebGUI menus and dialogs.
0
 
LVL 6

Author Closing Comment

by:mahrens007
ID: 35184088
Thanks for you help
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question