10-23-2008 08:22 AM
First of all I should start by saying that I have little to no experience with Juniper firewalls or any other firewall for that matter.
I was given the task to set up a Juniper NS-G5 at a co-worker's home, who will be working from home and will require VOIP.
Currently the setup is supposed to go from the Verizon DSL --> NG-G5 --> Work Station, but I have never been able to establish an internet connection, and that's all I need. If someone can help me set up and establish an internet connection, I would be forever grateful.
10-23-2008 09:44 PM
Kindly explain your topology or scenario more.
JNCIE-SEC, JNCIE-ENT, JNCIE-SP, JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
10-27-2008 07:50 AM
First of all we need to know what type of DSL connection you have (bridged, PPPoE, PPPoA)? This will dictate the type of configuration needed. If I'm not mistaken, the NS-5GT or SSG-5 units come out of the box with E0/0 as the untrusted (outside) interface and E0/2-0/6 in the trusted (inside) bridge group 0. This means that any port from 2-6 can be used for workstations. So in theory, you should connect the DSL modem to E0/0 and the workstation to E0/2. The default IP address for the NS/SSG should be 192.168.1.1 (perhaps 0.1), and it should answer via HTTP. If this unit has never been configured, a "wizard" screen will be presented to you. Follow the prompts and you should be on the Web. Now as for the VoIP and VPN configuration, we need to know more information.
10-27-2008 08:57 AM
Well, this is the setup. All I need is for the trusted side to allow me on the web; that way I can just configure the phone on my end. I have walked through the wizard and reset it a couple of times, but I am still unable to gain access to the web. If you can give me a step by step, it would be greatly appreciated, keeping in mind that the IP on the DSL will be dynamic, being that it is a home environment; no ISP provides a static IP unless it is a business account.
Thank you so much in advance for the help.
10-27-2008 09:07 AM
Thanks for the diagram, it's helpful. The setup physically looks OK.
For ease, can you paste a copy of your config? Log into the unit via telnet or console access and issue the command "get config".
10-27-2008 09:25 AM
This is what I have so far. I did all these settings over the phone with a Juniper support person, and I explained to him that the IP would be changing, thus I would need the connection to remain active even after the IP changes from the ISP, but his answer was that I would lose the connection when the IP is changed… Not good… Is it possible to allow any IP to be received on the untrusted side so the connection to the web is never lost?
10-27-2008 09:45 AM
Most of the config is missing; I can't see the interface settings and such. The JTAC person was correct: when the IP address from the ISP is changed, the persistent connection to the web is broken. It's just the nature of the beast. In an enterprise setting this can be stopped, but in your case it is unavoidable.
Side bar: are you connecting to an enterprise VoIP system (Cisco or Nortel at a HQ site) or to an internet based system?
I need the entire config to see what potentially is going on. Also, if the config was set up with JTAC, it's probably correct; however, I would question the connection to the ISP (Verizon). Please post the entire config.
10-27-2008 09:50 AM
That was the entire config... unless there is another command that I should be running to pull that information...
As for the VoIP, it will be a Lucent corporate account... I guess I will have no choice but to request my bosses to set up a business account for this employee.
10-27-2008 10:03 AM
That seems strange, but oh well. Let's start with this:
Since this sounds like residential DSL service, do you know if it is PPPoE or PPPoA?
Log into the 5GT via the web
Select = Network > Interfaces > List : examine the list, E0/0 should be in the untrust zone and have an IP address assigned, what is it? Examine E0/1 or Bgroup0, either of these should be in the Trust Zone and also have an IP address assigned to it, what is it?
Edit E0/0 and verify the routing button is selected
Edit Bgroup 0 and verify the NAT button is selected
Select = Network > routing > destination : do you have destination 0.0.0.0?
Select = Policy > Policies : Do you see a policy from Trust to Untrust Any Any Any Permit (It might be ID1 source:any destination:any service:any action:green circle enable:checkmark)?
I'm just trying to get a feel for how far this unit is configured.
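The checklist in the last post can also be run against a pasted "get config" dump. The script below is an added example, not part of the thread and not Juniper tooling; the sample configuration is constructed, and the ScreenOS `set ...` line syntax and the check names are assumptions for illustration.

```python
import re

# Constructed sample in the style of ScreenOS "get config" output (not from the
# thread). Interface names follow the posts above; the line syntax is an assumption.
SAMPLE_CONFIG = """
set interface "ethernet0/0" zone "Untrust"
set interface "bgroup0" zone "Trust"
set interface ethernet0/0 dhcp client enable
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 nat
set interface ethernet0/0 route
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
"""

# One regex per item in the checklist, matched against normalised lines.
CHECKS = {
    "untrust_zone": r"set interface ethernet0/0 zone untrust",
    "untrust_route_mode": r"set interface ethernet0/0 route",
    "trust_zone": r"set interface (ethernet0/1|bgroup0) zone trust",
    "trust_nat_mode": r"set interface (ethernet0/1|bgroup0) nat",
    # Static routes only: a default route learned over DHCP or PPPoE normally
    # shows up in the live route table, not as a "set route" line, so False
    # here means "look at the routing page", not "broken".
    "static_default_route": r"set route 0\.0\.0\.0/0 .+",
    "trust_to_untrust_permit":
        r"set policy id \d+ from trust to untrust any any any permit( .*)?",
}

def normalise(config_text):
    """Keep only 'set' lines; drop quotes, collapse whitespace, lowercase."""
    out = []
    for raw in config_text.splitlines():
        line = re.sub(r"\s+", " ", raw.replace('"', "")).strip().lower()
        if line.startswith("set "):
            out.append(line)
    return out

def audit(config_text):
    """Return {check_name: bool} for the pasted configuration."""
    lines = normalise(config_text)
    return {name: any(re.fullmatch(rx, l) for l in lines)
            for name, rx in CHECKS.items()}

def missing(config_text):
    """Names of the checklist items the configuration does not satisfy."""
    return [name for name, ok in audit(config_text).items() if not ok]

if __name__ == "__main__":
    for name, ok in audit(SAMPLE_CONFIG).items():
        print(f"{'ok     ' if ok else 'MISSING'}  {name}")
```

On the constructed sample only `static_default_route` is reported missing, which is expected for a dynamically addressed DSL line and is why the post asks about the routing page rather than the saved config.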