SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  new Srx-220 implementation/configuration problem

    Posted 07-03-2015 00:48

    Hi,

     

    I have a PIX 525 in my running network which is not running smoothly due to some hardware fault, and it is replaced by an SRX220. I am completely new to Juniper products, so can anyone help me with how to configure the SRX220? I am sending the configuration of the Cisco PIX and the network diagram.

     

     


    PIX Version 6.3(4)                  
    interface ethernet0 auto                        
    interface ethernet1 auto                        
    interface gb-ethernet0 1000auto shutdown                                        
    interface gb-ethernet1 1000auto shutdown                                        
    interface ethernet2 100full                           
    interface ethernet3 100full                           
    interface ethernet4 auto shutdown                                 
    interface ethernet5 auto shutdown                                 
    nameif ethernet0 outside security0                                  
    nameif ethernet1 inside security100                                   
    nameif gb-ethernet0 inside1 security99                                      
    nameif gb-ethernet1 inside2 security90                                      
    nameif ethernet2 intf4 security8                                
    nameif ethernet3 radio-phy security10                                     
    nameif ethernet4 intf6 security12                                 
    nameif ethernet5 intf7 security14                                 
    enable password ################# encrypted                                          
    passwd ################ encrypted                                 
    hostname cupix              
    domain-name cupix.com                                 
    fixup protocol dns maximum-length 512                                     
    fixup protocol ftp 21                     
    fixup protocol h323 h225 1720                             
    fixup protocol h323 ras 1718-1719                                 
    fixup protocol http 80                      
    fixup protocol rsh 514                      
    fixup protocol rtsp 554                       
    fixup protocol sip 5060                       
    fixup protocol sip udp 5060                           
    fixup protocol skinny 2000                          
    fixup protocol smtp 25                      
    fixup protocol sqlnet 1521                          
    fixup protocol tftp 69                      
    names     
    access-list acl_out permit icmp any any                                       
    access-list acl_out permit udp any any eq domain                                                
    access-list acl_out permit ip any any                                     
    access-list acl_out permit tcp any any                                      
    access-list acl_in permit icmp any any                                      
    access-list acl_in permit udp any any eq domain                                               
    access-list acl_in permit tcp any any                                                                                     
    access-list RADIO-PHY permit ip host 10.0.3.2 any                                                 
    access-list RADIO-PHY permit ip host 10.0.3.3 any                                                 
    access-list RADIO-PHY permit tcp 10.0.3.0 255.255.255.0 any                                                           
    access-list RJABZR_CASH permit ip host 10.0.2.2 any                                                   
    access-list RJABZR_CASH permit ip host 10.0.2.3 any                                                   
    access-list RJABZR_CASH permit ip host 10.0.2.4 any                                                   
    access-list RJABZR_CASH permit ip host 10.0.2.5 any                                                   
    access-list RJABZR_CASH permit ip host 10.0.2.6 any                                                   
    access-list RJABZR_CASH permit ip host 10.0.2.10 any                                                    
    access-list RJABZR_CASH permit ip host 10.0.2.11 any                                                    
    pager lines 24              
    mtu outside 1500                
    mtu inside 1500               
    mtu inside1 1500                
    mtu inside2 1500                
    mtu intf4 1500              
    mtu radio-phy 1500                  
    mtu intf6 1500              
    mtu intf7 1500              
    ip address outside 172.20.1.2 255.255.255.0                                           
    ip address inside 172.16.0.250 255.255.255.248                                              
    no ip address inside1                     
    no ip address inside2                     
    no ip address intf4                   
    ip address radio-phy 192.110.1.1 255.255.255.0                                              
    no ip address intf6                   
    no ip address intf7                   
    ip audit info action alarm                          
    ip audit attack action alarm                            
    no failover           
    failover timeout 0:00:00                        
    failover poll 15                
    no failover ip address outside                              
    no failover ip address inside                             
    no failover ip address inside1                              
    no failover ip address inside2                              
    no failover ip address intf4                            
    no failover ip address radio-phy                                
    no failover ip address intf6                            
    no failover ip address intf7                            
    pdm history enable                  
    arp timeout 14400                 
    global (outside) 1 interface                            
    nat (inside) 0 access-list RJABZR_CASH                                      
    nat (inside) 1 10.3.64.74 255.255.255.255 0 0                                             
    nat (inside) 1 172.16.1.11 255.255.255.255 0                                          
    nat (inside) 1 172.16.110.2 255.255.255.255 0 0                                               
    nat (inside) 1 172.16.0.248 255.255.255.248 0 0                                               
    nat (inside) 1 172.16.11.248 255.255.255.248 0 0                                                
    nat (inside) 1 10.0.2.0 255.255.255.0 0 0                                         
    nat (inside) 1 172.10.1.0 255.255.255.0 0 0                                           
    nat (inside) 1 172.16.11.0 255.255.255.0 0 0                                            
    nat (inside) 1 172.16.100.0 255.255.255.0 0 0                                             
    nat (inside) 1 192.110.1.0 255.255.255.0 0 0                                            
    nat (inside) 1 192.168.50.0 255.255.255.0 0 0                                             
    nat (inside) 1 172.16.0.0 255.255.0.0 0 0                                         
    access-group acl_out in interface outside                                         
    access-group acl_in i                   
    route outside 0.0.0.0 0.0.0.0 172.20.1.1 1                                          
    route inside 10.0.2.0 255.255.255.0 172.16.0.249 1                                                  
    route inside 10.0.3.0 255.255.255.0 172.16.0.249 1                                                  
    route inside 10.3.64.0 255.255.224.0 172.16.0.249 1                                                   
    route inside 172.10.0.0 255.255.0.0 172.16.0.249 1                                                  
    route inside 172.10.1.0 255.255.255.0 172.16.0.249 1                                                    
    route inside 172.16.0.0 255.255.0.0 172.16.0.249 1                                                  
    route inside 192.168.50.0 255.255.255.0 172.16.0.249 1                                                      
    timeout xlate 3:00:00                     
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00                                                                             
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00                                                               
    timeout uauth 0:05:00 absolute                              
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 172.16.0.0 255.255.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0

     

     

    Thanks:

    Anand Chourasia

    anand.chourasia9@gmail.com

     



  • 2.  RE: new Srx-220 implementation/configuration problem

     
    Posted 07-03-2015 04:10

    Hello ,

     

    Can you try the following conversion tool:

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB13220&smlogin=true



  • 3.  RE: new Srx-220 implementation/configuration problem

    Posted 07-03-2015 04:46

    Hello Sam,

     

     

    Thanks for replying, but my account privileges do not permit access/download to that information or service requested, so will you please send me that software by mail to anand.chourasia9@gmail.com if possible.

     

     

     

    Thanks

    Anand



  • 4.  RE: new Srx-220 implementation/configuration problem
    Best Answer

     
    Posted 07-03-2015 20:12

    Hello ,

     

    It's not software, it's an online tool available to convert the Cisco configuration to Junos configuration. Let me check if there is any other software available.

     

    Please check this forum link also : http://forums.juniper.net/t5/SRX-Services-Gateway/PIX-ASA-to-Junos-converter/td-p/117878



  • 5.  RE: new Srx-220 implementation/configuration problem

    Posted 07-04-2015 10:07

    Hello Sam,

    I have no idea of Perl, but I tried with ActivePerl and unfortunately was unable to get the solution. If you have access to that IOS to Junos converter tool, then will you please convert the command lines and mail me at anand.chourasia9@gmail.com if possible.

     

    Thanks

    Anand



  • 6.  RE: new Srx-220 implementation/configuration problem

     
    Posted 07-04-2015 23:50

    Hello ,

     

    I will try that. But some of the commands may actually not get completely converted to IOS; for that you may need to rely on the scripts or get help from professional services.
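
Added example (not part of any post in this thread, and not the Juniper conversion tool): a small script that translates the PIX `route` statements from the first post into Junos static-route `set` commands. It validates each netmask and skips a route whose most specific covering route already points at the same next hop; the function names and the embedded sample, a subset of the posted route lines, are choices made for this example.

```python
import ipaddress

# Subset of the route lines from the PIX configuration in the first post.
PIX_ROUTES = """\
route outside 0.0.0.0 0.0.0.0 172.20.1.1 1
route inside 10.0.2.0 255.255.255.0 172.16.0.249 1
route inside 10.3.64.0 255.255.224.0 172.16.0.249 1
route inside 172.10.0.0 255.255.0.0 172.16.0.249 1
route inside 172.10.1.0 255.255.255.0 172.16.0.249 1
"""

def mask_to_prefix(mask):
    """Convert a dotted netmask to a prefix length; reject non-contiguous masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()

def parse_pix_routes(text):
    """Return (network, next_hop) for each 'route <if> <dest> <mask> <gw> [metric]' line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "route":
            continue
        dest, mask, gateway = fields[2:5]  # interface name and metric are not used
        # strict=True raises if the destination has host bits set for its mask.
        network = ipaddress.ip_network(f"{dest}/{mask_to_prefix(mask)}", strict=True)
        routes.append((network, ipaddress.IPv4Address(gateway)))
    return routes

def to_junos(routes):
    """Emit Junos static-route commands, skipping a route when the most specific
    route that contains it already uses the same next hop (forwarding is unchanged)."""
    commands = []
    for net, hop in routes:
        parents = [(o, oh) for o, oh in routes if o != net and net.subnet_of(o)]
        if parents and max(parents, key=lambda p: p[0].prefixlen)[1] == hop:
            continue
        commands.append(f"set routing-options static route {net} next-hop {hop}")
    return commands

if __name__ == "__main__":
    print("\n".join(to_junos(parse_pix_routes(PIX_ROUTES))))
```

Interfaces, zones, NAT and policies are not handled here; only the static routes are translated.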