Posted on 2012-03-14
I've inherited a J2320 which is the WAN connection for an internal LAN and I need some fast advice on how to configure it. I understand the technology, I have configured many Cisco routers in the past, but for this J2320 I don't have a SMARTNET-like contract with Juniper to get help. On-line documentation stinks. What I need is this:
My public WAN IP is 220.127.116.11. That is the only IP alloted for the LAN. There are three internal LANs with private IP 10.1.1.0.24, 10.2.1.0/24 and 10.3.1.0/24. The downstream connection from the J2320 is a Cisco switch configured with VLANs 10, 20 and 30 for those three private subnets. The J2320 will have one port connected to the public IP and another port connected to the switch over a trunk consisting of the three VLANs (subnets).
Right now -on that first subnet will be a Subversion server 10.1.1.35, and a Web server 10.1.1.36 and an FTP server 10.1.1.37. On the second subnet are the laptops of folks that need to get out on the internet as well as have access to the three servers. They will get DHCP from the J2320 on the 10.2.1.0/24. Third subnet, what I'll do in the future is add a proxy server for all internet access for all users, not doing that yet.
Can I get help on this? Can someone give the configuation they would do for this?
In order of importance...
Most concerned about the port forwarding to get the servers to be available to the public.
Second concern is getting the DHCP server to work for the workstations on the 10.2.1.0/24 network and the Natting so the workstations can get out on internet.
Third most important is the trunking connection between the J2320 and the switch.
Fourth is making sure the firewall capability is working for the J2320 to protect all three subnets as well as the router itself from the internet.
Last on the list is the provision for the proxy -(which I imagine has to do with the security zones)
Please, this may seem like a lot but not for someone versed in Juniper. I would really appreciate the help. If you have a config for this please share.