Setup vlan routing on Juniper Netscreen 5gt - ns5gt

Posted on 2011-09-13
Last Modified: 2012-05-12
I have a client with a Juniper Netscreen ns5gt. I know the following about the configuration:

trust-un-trust mode
3 policy-based ipsec vpn connections
Hardware Version:       1010(0)
Firmware Version:       5.0.0r8.1 (Firewall+VPN)

We are setting up a wireless solution that basically creates 2 networks, a public and a private.

According to the original config that was given to me, they were only doing some port forwarding. So we decided to replace it with a Mikrotik RB750GL. Long story short, it does not play nice with the remote VPN routers and we had to put the Juniper back in.

How can I accomplish a similar configuration with the Juniper:

public traffic tagged on vlan100
private traffic untagged

2 of the 4 available ports need to be trunk ports, the other 2 access ports
the trunk ports will be connected directly to the APs where VAP1 is private untagged and VAP2 is public tagged vlan100
public vlan100 needs a dhcp server
private uses a windows server for dhcp server
rules that will not allow traffic from public to private (does not matter if traffic goes from private to public)
 
I have set this up on a Mikrotik hundreds of times, but I'm struggling with the Juniper...

Thanks


Question by:gtmc
Accepted Solution

by:
Sanga Collins earned 500 total points
ID: 36530659
This is not possible with the ns5gt. The limitations are built in since it is supposed to be a small office/home device.

You can do the following:

i) port mode = home/work
This will allow you to create two separate LANs called work and home. Work is ports 1 and 2, home will be ports 3 and 4. Home zone will not be able to communicate with work zone, but work zone will be able to communicate with home zone.

ii) port mode = dual untrust
This will allow port 4 to become the 2nd untrust interface, accommodating 2 ISPs in failover mode.

Other than that you can't do much else with it. You can always get a used ns25 on eBay for just over $100. It will provide 4 separate ports and VLANs.

Author Closing Comment

by:gtmc
ID: 36588842
Thanks!  

We ended up swapping out the firewall for the new router, as they had been experiencing problems with the VPNs and found an alternative solution.  


Thanks!