quick change ssg-5 lan ip address / how to access via https

I just took an SSG-5 off line.
I replaced it with a router that will have the same LAN ip so the gateway remains the same.

But, I want to keep the SSG-5 on the LAN so I can configure it.

What is a quick and easy way to change the bgroup0 ip address?

If this fails then i'd like to access via https but can't figure that one out either.  It has it's own public IP.

Eventually I may want to swap it back in - with a quick and easy LAN IP change again....
LVL 27
Fred MarshallPrincipalAsked:
Who is Participating?
 
Fred MarshallConnect With a Mentor PrincipalAuthor Commented:
I switched the Interface Mode from NAT to Route and then tried to change the bgroup IP address but that didn't work either.

So, I tried the CLI as you suggested.  It also didn't work.
Then I tried
unset interface bgroup0 ip

This errored out telling me that bgroup0 ip was the syslog src-interface.
So, I removed the syslog entry and now setting the ip works.
Thanks
0
 
Sanga CollinsSystems AdminCommented:
the best way to do this, especially if the LAN is your only way to access the ssg, is to donwload the config to text file. Modify the file, then upload the config back to the ssg choosing the 'replace' option instead of the 'merge' option. The ssg will take the config, save it to memory, then reboot to apply the changes.

if you have access to the WAN, make sure your public IP is in the list of permitted management IPs then login to the webui using the WAN ip address and change the LAN ip. this will not require a reboot.

Hope that helps :)
0
 
FideliusCommented:
Hello,

If you are using CLI:
set interface bgroup0 ip 10.0.0.1/24

From the WebUI:
Network > Interfaces > List > Edit (bgroup0) > Basic:
Enter the following, then click Apply:
IP Address/Netmask: 10.0.0.1/24

More details here on page 30:
http://www.juniper.net/techpubs/hardware/netscreen-systems/netscreen-systems54/HW_SSG5_540.pdf

Regards!
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Fred MarshallPrincipalAuthor Commented:
When I edit the bgroup IP address I'm putting in:
10.0.1.4/30
and I get:
broup0 ip change pre-checking failed.
General: General system error

Thus my question....

I'm only using a single port for the LAN on the SSG-5.  The "group" was just for convenience should I need or want to plug something into the SSG-5 LAN (which I have *never* had to do).
So, I'm wondering if NOT using a bgroup, but rather a single port, would be better?

My concern is that I'll end up changing other things as in routing or elsewhere if I make that one seemingly "little" change.  So, I'd prefer to stick with bgroup0.
0
 
Fred MarshallPrincipalAuthor Commented:
Currently the bgroup0 address is 10.0.1.253/24
I want 10.0.1.4/32 but that isn't accepted either.  

I released all the ports from the broup0 except one of them.  Still the same.
I tried assigning an IP address to a single port that's not in the group in the Trust zone,
Get:
ethernet0/3 ip change pre-checking failed.
Interface: Illegal overlapping subnet.

In order to not have subnet overlap, tried changing subnet for bgroup0 to 10.0.1.253/25
Still get:
broup0 ip change pre-checking failed.
General: General system error
0
 
FideliusConnect With a Mentor Commented:
Hello,

There should be no difference if you are using bgroup0 for one or 4 ports.
bgroup0 is just logically grouping of ports.

OK. So you are changing IP address and mask, not just IP address.

10.0.1.4/30 is not legal host address. It is a network address.
For start try to change IP address to:
set interface bgroup0 ip 10.0.1.4/24

One thing that crosses my mind is, if you are using NAT maybe you should remove NAT from bgroup0 first:
unset interface bgroup0 nat
set interface bgroup0 ip 10.0.1.253/25
set interface bgroup0 nat
0
 
Fred MarshallPrincipalAuthor Commented:
10.0.1.4/30 is not legal host address. It is a network address.
For start try to change IP address to:
set interface bgroup0 ip 10.0.1.4/24

I understand your point here. But even with /24 I get:
broup0 ip change pre-checking failed.
General: General system error
0
 
FideliusCommented:
Did you try to remove NAT before setting new IP?
0
 
Fred MarshallPrincipalAuthor Commented:
The problem was that the syslog interface was assigned the bgroup0 ip address I was trying to change.  Removing that syslog entry solved the problem and I was able to change the ip address.

What an unfortunate design!  The tail seems to wag the dog in this case.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.