Solved

Setup vlan routing on Juniper Netscreen 5gt - ns5gt

Posted on 2011-09-13
Last Modified: 2012-05-12
I have a client with a Juniper Netscreen ns5gt. I know the following about its configuration:

trust-un-trust mode
3 policy-based ipsec vpn connections
Hardware Version:       1010(0)
Firmware Version:       5.0.0r8.1 (Firewall+VPN)

We are setting up a wireless solution that basically creates 2 networks, a public and a private.

According to the original config that was given to me, they were only doing some port forwarding. So we decided to replace it with a Mikrotik RB750GL. Long story short, it does not play nice with the remote VPN routers and we had to put the Juniper back in.

How can I accomplish a similar configuration with the Juniper:

public traffic tagged on vlan100
private traffic untagged

2 of the 4 available ports need to be trunk ports, the other 2 access ports
the trunk ports will be connected directly to the APs where VAP1 is private untagged and VAP2 is public tagged vlan100
public vlan100 needs a dhcp server
private uses a windows server for dhcp server
rules that will not allow traffic from public to private (does not matter if traffic goes from private to public)
 
I have set this up on a mikrotik hundreds of times, but I'm struggling with the juniper...  

Thanks


Question by:gtmc

Accepted Solution

by:
Sanga Collins earned 500 total points
ID: 36530659
This is not possible with the ns5gt. The limitations are built in since it is supposed to be a small office/home device.

You can do the following:

i) port mode = home/work
This will allow you to create two separate LANs called work and home. Work is ports 1 and 2, home will be ports 3 and 4. Home zone will not be able to communicate with work zone, but work zone will be able to communicate with home zone.

ii) port mode = dual untrust
This will allow port 4 to become the 2nd untrust interface, accommodating 2 ISPs in failover mode.

Other than that you can't do much else with it. You can always get a used ns25 on eBay for just over $100. It will provide 4 separate ports and VLANs.
 

Author Closing Comment

by:gtmc
ID: 36588842
Thanks!  

We ended up swapping out the firewall for the new router, as they had been experiencing problems with the VPNs and found an alternative solution.  


Thanks!