08-18-2012 04:05 AM
Hello again,
Can you point me in the right direction on where my destination NAT goes wrong? I would appreciate
it a lot.
At the moment I am trying all possibilities, but it takes a while.
I just cannot figure out if I need some kind of route for inbound traffic internet->130.185.128.145->10.3.1.113,
or it knows the route as I have a virtual route the other way trust->untrust.
Do I have to create a firewall rule for inbound traffic attach a virtual router?
If you know of an example with a destination NAT and a virtual router inbound and outbound, great, I just
can't find it...
Kind regards
Gert
08-18-2012 04:50 AM
Hi
Do your "customers/user" have private or public addressing?
I am not going to try to fix your config. I will write you a nice clean config (assuming that you are running private addressing and no .1Q tagging).
1. I need the interface that you use for your WAN connection and how it connects to the internet. Does the SRX get its IP via DHCP? How many public IP addresses do you have?
2. For each "Customer/User" that you want to have separate networks, let me know their IP address range (private), and what IP SRX needs.
3. If you need any DST NAT rules, then let me know the external IP and the internet IP that it needs to go to, plus protocol and port number on both sides.
Customer/User 1
Ports on SRX that you want to allocate
SRX LAN IP/Prefix
Customer/User 2
Ports on SRX that you want to allocate
SRX LAN IP/Prefix
WAN Information
IP and interface that you want to use
Any other routes that you need, excluding any directly connected (private IP) subnets.
The policy will allow each customer out to the internet, but not to each other.
If not, then I suggest finding a Juniper partner and purchasing their service to set up your SRX.
08-18-2012 05:32 AM
Hi
I have created, but not tested, an example config for you.
You will need to check the IP address ranges and interface assignment, plus making sure that you add your root-authentication line.
It has been set up for two customers, plus a default network, to go to the internet, but not each other. RDP has been set up to an internal IP address on CUSTOMER1 network.
I hope this helps.
08-18-2012 11:02 AM
Hello John,
Thank you,
I will try your config, and thank you for your effort, but you are right, I will try a local Juniper partner, Monday.
But before that I will try your config.
I will just change customer1 and customer2 to have the same IP range (192.168.1.0/24) and have a go, then I will see
if I can change the internet adapter for customer1 to be ge-0/0/15 and for customer2 ge-0/0/14.
The entire setup has to be separate NICs and VLANs and customer1 and customer2 do have the same VLAN, so
I cannot separate them just using routes.
Kind regards
Gert
08-18-2012 11:03 AM
Sorry,
customer1 and customer2 do NOT have the same VLAN, they have the same IP range (192.168.1.0).
Kind regards
Gert
08-18-2012 11:32 AM
08-18-2012 11:50 AM
Hello,
Yes, I can see that now when I read it again. I am sorry I was not clear.
I have attached a PDF file with the network.
What I was trying to say is that I have it working from inside out, now I just want to publish
1-2 servers.
Kind regards
Gert
08-18-2012 12:02 PM
08-18-2012 12:13 PM
Yes, I will do, thanks.
Kind regards
Gert
08-20-2012 12:34 AM
Got it to work yesterday.
I just had to put in which NIC the VR was attached...
Kind regards
Gert