Link to home
Start Free TrialLog in
Avatar of bcp_cnsllc
bcp_cnsllc

asked on

Juniper ns5gt VPN router issues

A client has a WAN using various Juniper's to connect the VPN's. I have one site using a Juniper ns5gt VPN router that appears to have the untrusted port fail (no idiot lights light when anything is plugged in and no access to internet/VPN). I ordered another one online - unfort a used one since that is the quickest one i could find access to.

I saved the config off the old one. When I got the replacement I had some issues getting into the new (used) one (took LONG time to get a DCHP) and when I finally did I tried applying the cfg file from the logon screen. I immediately got the error "unrecognized configlet beginning banner." I then tried getting into the unit to apply the config in the config area but only get a home page with no options in the left hand pane (similar to if you hit the toggle link.

Below is the device information from the old and new (used)
new
hardware version = 1010(0)
firmware version = 5.4.0r14.0 (Firewall+VPN)
operational mode = trust-untrust

old
hardware version = 1010(0)
firmware version = 5.3.0r3.0 (Firewall+VPN)
operational mode = trust-untrust

While I see the firmware is different I would that make it that I cant apply the cfg file from the old unit or is it that there is something wrong with the unit since it appears that I cant get a true home page logon??

I really am desperate to have this be simply a reapply of a saved cg file since while I am used to these devices I am no expert and would be very difficult for me to setup the new device even with a side by side availability of the old one which I have full access to due to the number of WAN sites which all need access to each other.

This is a nursing operation and while they are functioning they desperately need access to the home office. All help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
Avatar of John
John
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Sanga Collins
Sanga Collins
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
It is also a good idea to first try to get the FW the same, if you can get a hand on the FW 5.4 download. Upgrading can be done by another browser (Firefox or Chrome), or an older IE. But using Firefox/Chrome to config ScreenOS isn't something I would do for long, there are a lot of flaws in the menu handling (besides the awful rendering).

As soon as you are on the same or higher FW (sub)release, you shouldn't have any issues with IE, or the old config file.
Avatar of bcp_cnsllc
bcp_cnsllc

ASKER

I got into the newer device using Mozilla. Honestly  didn't think that was the issue since I was able to get into the old unit using IE in compatibility mode. Great call on that!!

I was not able to paste in the old config but for some reason was able to get it to apply from the Config pull down. Once it rebooted I was able to get into and look briefly and while no way to know if all there what I saw looks ok.

Is there anyway to know if there are any errors in the device config that I imported or shall I assume that the only way to know is if works when deliver??
First, you cannot just paste the old config into IE, you have to upload it as a file (if you finally did).
The only way to know if something went wrong is to monitor the (serial) console while the NetScreen reboots. The Console will spit out error messages for each config line which has been ignored.

Ad-hoc you can export the config again into a different file, and just compare old and new one, best with a visual diff tool like WinMerge (http://winmerge.org/).
Thanks to all who helped - def saved my backside. Put in the client site today and appears to be working so just going to wait and see.
Thank you and I was happy to help. Saving our backsides is sometimes what this site is all about.   .... Thinkpads_User