• Status: Solved

Setup vlan routing on Juniper Netscreen 5gt - ns5gt

I have a client with a Juniper Netscreen ns5gt. I know the following about its configuration:

trust-un-trust mode
3 policy-based ipsec vpn connections
Hardware Version:       1010(0)
Firmware Version:       5.0.0r8.1 (Firewall+VPN)

We are setting up a wireless solution that basically creates 2 networks, a public and a private.

According to the original config that was given to me, they were only doing some port forwarding. So we decided to replace it with a Mikrotik RB750GL. Long story short, it does not play nice with the remote VPN routers and we had to put the Juniper back in.

How can I accomplish a similar configuration with the Juniper:

public traffic tagged on vlan100
private traffic untagged

2 of the 4 available ports need to be trunk ports, the other 2 access ports
the trunk ports will be connected directly to the APs where VAP1 is private untagged and VAP2 is public tagged vlan100
public vlan100 needs a dhcp server
private uses a windows server for dhcp server
rules that will not allow traffic from public to private (does not matter if traffic goes from private to public)
 
I have set this up on a Mikrotik hundreds of times, but I'm struggling with the Juniper...

thanks


Asked by: gtmc

1 Solution

Sanga Collins (Systems Admin) commented:
This is not possible with the ns5gt. The limitations are built in since it is supposed to be a small office/home device.

You can do the following:

i) port mode = home/work
This will allow you to create two separate LANs called work and home. Work is ports 1 and 2, home will be ports 3 and 4. Home zone will not be able to communicate with work zone, but work zone will be able to communicate with home zone.

ii) port mode = dual untrust
This will allow port 4 to become the 2nd untrust interface, accommodating 2 ISPs in failover mode.

Other than that you can't do much else with it. You can always get a used ns25 on eBay for just over $100. It will provide 4 separate ports and VLANs.
 
gtmc (Author) commented:
Thanks!  

We ended up swapping out the firewall for the new router, as they had been experiencing problems with the VPNs and found an alternative solution.  


Thanks!