SSL VPN
Contributor
emoralesa
Posts: 107
Registered: ‎09-14-2009

SSG140 and SSG5

How are you? I have an SSG140 in my office and I have an SSG5 in another room. On both devices there is a VPN. The SSG140 segment is 172.31.114.0 and the SSG5 segment is 172.31.74.0. Can you set up a machine in the SSG140 segment, with its corresponding IP address, so that it can reach, via VPN, the SSG5 segment? Is it possible? I have a database in the SSG5 segment and need access to it from the SSG140 segment.

Thank you very much

Distinguished Expert
muttbarker
Posts: 2,363
Registered: ‎01-29-2008

Re: SSG140 and SSG5

Hi - this question really belongs in the firewall forum. But as you posted it here I will respond. I am not sure what you are asking for. Do you want to establish a connection from a client PC that is behind the SSG140 to a database that is behind the SSG5? That is very easy to do and that is what a VPN tunnel would do for you.

Can you perhaps restate your problem and maybe post a picture?

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
emoralesa
Posts: 107
Registered: ‎09-14-2009

Re: SSG140 and SSG5

Sorry, I'm new to the forum. Exactly, I need to see a database that belongs to the SSG5 segment from the SSG140 segment. I need to enter the SSG5 with the IP I have on the SSG140. I hope I was clear, otherwise tell me. I deeply appreciate your support.
Distinguished Expert
muttbarker
Posts: 2,363
Registered: ‎01-29-2008

Re: SSG140 and SSG5

Ok - simple site to site VPN - on each box (SSG5 & SSG140) define an address book entry for the device on the local side and the device on the remote side - local would be in trust zone, remote in untrust - make sure they match on both sides! I.e. the remote addr on one should map to the local addr on the other.

Then define the IKE gateway, define the VPN and tie the gateway to it and then define a policy. Do so on each box.

Following is a quickie example for connecting two sites - one called "corp" the other called "remote" - this is done from the CLI, not the WEB GUI -

Corp

set address trust Corp-11-MAC 10.0.11.10/32
set address untrust Remote-12-PC 10.0.12.10/32
set ike gateway Corp11-to-Rem12-GW address 1.1.12.1 outgoing-interface eth0/0 preshare password sec-level standard
set vpn Corp11-to-Rem12-VPN gateway Corp11-to-Rem12-GW sec-level standard
set vpn Corp11-to-Rem12-VPN monitor
set policy top from trust to untrust Corp-11-MAC Remote-12-PC any tunnel vpn Corp11-to-Rem12-VPN
set policy top from untrust to trust Remote-12-PC Corp-11-MAC any tunnel vpn Corp11-to-Rem12-VPN

Remote

set address trust Remote-12-PC 10.0.12.10/32
set address untrust Corp-11-MAC 10.0.11.10/32
set ike gateway Rem12-to-Corp11-GW address 1.1.11.1 outgoing-interface eth0/0 preshare password sec-level standard
set vpn Rem12-to-Corp11-VPN gateway Rem12-to-Corp11-GW sec-level standard
set vpn Rem12-to-Corp11-VPN monitor
set policy top from trust to untrust Remote-12-PC Corp-11-MAC any tunnel vpn Rem12-to-Corp11-VPN
set policy top from untrust to trust Corp-11-MAC Remote-12-PC any tunnel vpn Rem12-to-Corp11-VPN

WEB GUI - Addresses are done under Policy / Policy Elements / Addresses

IKE Gateway - VPNs / AutoKey Advanced / Gateway

VPN - VPN - Autokey IKE

Policies - Policies

Hope this makes sense.

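The "make sure they match on both sides" rule from the post above, as an added Python check (not part of the original post and not a Juniper tool). It assumes the `set address` and `set policy ... tunnel vpn` lines are written exactly in the form typed in the post, with addresses defined before the policies that use them; the function names are hypothetical.

```python
import re

# Constructed input: the address and policy lines from the "Corp" and
# "Remote" example in the post above (IKE/VPN lines are not needed here).
CORP = """\
set address trust Corp-11-MAC 10.0.11.10/32
set address untrust Remote-12-PC 10.0.12.10/32
set policy top from trust to untrust Corp-11-MAC Remote-12-PC any tunnel vpn Corp11-to-Rem12-VPN
set policy top from untrust to trust Remote-12-PC Corp-11-MAC any tunnel vpn Corp11-to-Rem12-VPN
"""
REMOTE = """\
set address trust Remote-12-PC 10.0.12.10/32
set address untrust Corp-11-MAC 10.0.11.10/32
set policy top from trust to untrust Remote-12-PC Corp-11-MAC any tunnel vpn Rem12-to-Corp11-VPN
set policy top from untrust to trust Corp-11-MAC Remote-12-PC any tunnel vpn Rem12-to-Corp11-VPN
"""

ADDR = re.compile(r"set address (\S+) (\S+) (\S+)")
POLICY = re.compile(r"set policy (?:top )?from (\S+) to \S+ (\S+) (\S+) (\S+) tunnel vpn \S+")

def parse(config):
    """Return ({zone: {prefixes}}, {from_zone: {(src, dst, service)}}) for one box."""
    book, zones, flows = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ADDR.fullmatch(line):
            zone, name, prefix = m.groups()
            book[name] = prefix
            zones.setdefault(zone, set()).add(prefix)
        elif m := POLICY.fullmatch(line):
            zone, src, dst, svc = m.groups()
            # Resolve names to prefixes so differing entry names do not matter.
            flow = (book.get(src, "undefined:" + src), book.get(dst, "undefined:" + dst), svc)
            flows.setdefault(zone, set()).add(flow)
    return zones, flows

def check_mirror(side_a, side_b):
    """List the ways the two tunnel definitions fail to mirror each other."""
    (za, fa), (zb, fb) = parse(side_a), parse(side_b)
    findings = []
    for here, there, label in ((za, zb, "A"), (zb, za, "B")):
        if here.get("untrust", set()) != there.get("trust", set()):
            findings.append(f"remote addresses on {label} differ from peer's local addresses")
    for here, there, label in ((fa, fb, "A"), (fb, fa, "B")):
        if here.get("trust", set()) != there.get("untrust", set()):
            findings.append(f"outbound tunnel policies on {label} differ from peer's inbound policies")
    return findings

if __name__ == "__main__":
    print(check_mirror(CORP, REMOTE) or "both sides mirror each other")
```

The same check applies unchanged when the /32 host entries are replaced by the two office segments from the original question.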
Contributor
emoralesa
Posts: 107
Registered: ‎09-14-2009

Re: SSG140 and SSG5

Thank you very much for the support. Sorry if I did not reply earlier, I had many activities that did not allow me to access the forum. I'm going to try it and let you know the outcome.
Distinguished Expert
muttbarker
Posts: 2,363
Registered: ‎01-29-2008

Re: SSG140 and SSG5

Great - let me know if it all makes sense.