Solved

Setup vlan routing on Juniper Netscreen 5gt - ns5gt

Posted on 2011-09-13
2,479 Views
Last Modified: 2012-05-12
I have a client with a Juniper Netscreen ns5gt. I know the following about its configuration:

trust-un-trust mode
3 policy-based ipsec vpn connections
Hardware Version:       1010(0)
Firmware Version:       5.0.0r8.1 (Firewall+VPN)

We are setting up a wireless solution that basically creates 2 networks, a public and a private.

According to the original config that was given to me, they were only doing some port forwarding. So we decided to replace it with a Mikrotik RB750GL. Long story short, it does not play nice with the remote VPN routers and we had to put the Juniper back in.

How can I accomplish a similar configuration with the Juniper:

Public traffic tagged on VLAN 100
Private traffic untagged

2 of the 4 available ports need to be trunk ports, the other 2 access ports
The trunk ports will be connected directly to the APs, where VAP1 is private untagged and VAP2 is public tagged VLAN 100
Public VLAN 100 needs a DHCP server
Private uses a Windows server for DHCP
Rules that will not allow traffic from public to private (does not matter if traffic goes from private to public)
 
I have set this up on a Mikrotik hundreds of times, but I'm struggling with the Juniper...

Thanks


Question by:gtmc
2 Comments
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 2000 total points
ID: 36530659
This is not possible with the ns5gt. The limitations are built in, since it is supposed to be a small office/home device.

You can do the following:

i) port mode = home/work
This will allow you to create two separate LANs called Work and Home. Work is ports 1 and 2, Home will be ports 3 and 4. The Home zone will not be able to communicate with the Work zone, but the Work zone will be able to communicate with the Home zone.

ii) port mode = dual untrust
This will allow port 4 to become the 2nd untrust interface, accommodating 2 ISPs in failover mode.

Other than that you can't do much else with it. You can always get a used ns25 on eBay for just over $100. It will provide 4 separate ports and VLANs.
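As an added illustration of the home/work port mode described in the accepted answer (this is not part of the original answer and was not posted by its author), the ScreenOS CLI fragment below switches the NS-5GT into that mode and then states the zone policy explicitly so that the public side can never reach the private side while the reverse remains allowed. The `exec port-mode` and `set policy` syntax, the zone names "Home" and "Work", and the `log` keyword are assumptions drawn from ScreenOS conventions; confirm them against `get system` and the CLI help on the actual unit before relying on them, and note that the `#` lines are annotations for the reader rather than commands.

```screenos
# Change the NS-5GT port mode to home/work (assumed syntax).
# The box prompts for confirmation and must be reset for the mode to take effect.
exec port-mode home-work

# After the reset, confirm the active port mode and the interfaces bound to each zone.
get system
get interface

# Explicit inter-zone policies (zone names "Home" and "Work" assumed).
# Home = public side (ports 3 and 4), Work = private side (ports 1 and 2).
# Deny and log anything from the public zone into the private zone, so attempts show up in the event log.
set policy from "Home" to "Work" any any any deny log
# Allow the private zone to reach the public zone, as the question permits.
set policy from "Work" to "Home" any any any permit
save
```

Even though the answer states that Home-to-Work traffic is blocked by default in this mode, writing the deny as an explicit, logged policy is the safer choice: it survives later policy edits that might otherwise widen access, and it gives a visible audit trail of anything on the public side probing the private side.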

Author Closing Comment

by:gtmc
ID: 36588842
Thanks!  

We ended up swapping out the firewall for the new router, as they had been experiencing problems with the VPNs and found an alternative solution.  


Thanks!
