ScreenOS Firewalls (NOT SRX)
Visitor
Funktopus
Posts: 2
Registered: ‎08-06-2009

Port forwarding on Juniper SSG 20

Hello,

I'm new to these boards so please be gentle. In fact I'm fairly new to Juniper products altogether. I love their stuff though so I'm embracing it a lot lately. Pretty soon I'm scoping to get initial certification in JNCIA so I can get familiar with the equipment - but for now I'm in the deep end as I need to set up some Juniper gear - and having some teething issues basically due to the poor knowledge of the product - so need some help from those in the know!

I've searched here and other sites - and found semi relevant info - however I think my situation may be a little unique.

I'm configuring 2* SSG 20s for a 2 site VPN setup - and I'm in the process of configuring the port forwards so that each site can RDP each other etc etc. Simple enough.

The SSGs have been fitted with an adsl2/2+ A PIM each to accommodate the links at each site - here's where I *think* I may be having an issue.

Being a fair beginner to Juniper products - I'll try to explain my problem as best as I can.

I'm familiar with the VIP method - however I'm unable to see the VIP option on my adsl1 untrust interface - I do however see it on the bgroup0 trust interface - however I'm thinking this is the incorrect interface to configure VIPs for my requirements.

Reason I'm confused is that I use a 5GT at home - and I have configured VIPs quite easily on the untrust interface with no hassles, I created my custom service, set up my policy, chose the VIP as destination - off it went without a hitch.

The SSG20s are being configured offsite ready for deployment tomorrow - adsl interface is as yet not initialized - could this be why the VIP option is missing?

I'm thinking it has something to do with the PIM/dsl untrust interface configuration - although I accept I could be way off. I followed the manual and there's nothing really specific about the PIM install/config.

Any help or a point in the right direction would be handy. I'm waiting for my 1 day turnaround to activate Juniper support for these new SSGs hence I've posted for help here.

Look forward to some assistance.

Thanks

Nick

Trusted Contributor
dennish
Posts: 207
Registered: ‎09-03-2008

Re: Port forwarding on Juniper SSG 20

I think you are pointing out your own issue indeed. You should configure the VIP on the adsl interface indeed, but from what I can recall an IP address is required on the interface before you can set VIP/MIPs.

I suppose you could do it with a temp dummy address and change it back to DHCP when deploying it.

Dennis

Visitor
Funktopus
Posts: 2
Registered: ‎08-06-2009

Re: Port forwarding on Juniper SSG 20

The issue was indeed caused by the dsl interface not being initialized and having an IP at the time I configured the units.

Soon as I arrived onsite - connected the units and the interface established a connection with an IP address - the VIP option became available. The rest was reasonably easy to complete and the VPN is now simmering away nicely.

Thanks for your help.

Nick
