Solved

Setup vlan routing on Juniper Netscreen 5gt - ns5gt

Posted on 2011-09-13
Last Modified: 2012-05-12
I have a client with a Juniper Netscreen ns5gt. I know the following about its configuration:

trust-un-trust mode
3 policy-based ipsec vpn connections
Hardware Version:       1010(0)
Firmware Version:       5.0.0r8.1 (Firewall+VPN)

We are setting up a wireless solution that basically creates 2 networks, a public and a private.

According to the original config that was given to me, they were only doing some port forwarding. So we decided to replace it with a Mikrotik RB750GL. Long story short, it does not play nice with the remote VPN routers and we had to put the Juniper back in.

How can I accomplish a similar configuration with the Juniper:

public traffic tagged on vlan100
private traffic untagged

2 of the 4 available ports need to be trunk ports, the other 2 access ports
the trunk ports will be connected directly to the APs where VAP1 is private untagged and VAP2 is public tagged vlan100
public vlan100 needs a dhcp server
private uses a windows server for dhcp server
rules that will not allow traffic from public to private (does not matter if traffic goes from private to public)
 
I have set this up on a mikrotik hundreds of times, but I'm struggling with the juniper...  

thanks


Question by:gtmc
2 Comments
 

Accepted Solution

by:
Sanga Collins earned 500 total points
ID: 36530659
This is not possible with the ns5gt. The limitations are built in since it is supposed to be a small office/home device.

You can do the following:

i) port mode = home/work
This will allow you to create two separate LANs called work and home. Work is ports 1 and 2, home will be ports 3 and 4. Home zone will not be able to communicate with work zone, but work zone will be able to communicate with home zone.

ii) port mode = dual untrust
This will allow port 4 to become the 2nd untrust interface, accommodating 2 ISPs in failover mode.

Other than that you can't do much else with it. You can always get a used ns25 on eBay for just over $100. It will provide 4 separate ports and VLANs.
 

Author Closing Comment

by:gtmc
ID: 36588842
Thanks!  

We ended up swapping out the firewall for the new router, as they had been experiencing problems with the VPNs and found an alternative solution.  


Thanks!

Question has a verified solution.
