ScreenOS Firewalls (NOT SRX)
Reply
Visitor
arenault
Posts: 8
Registered: ‎07-13-2010
0
Accepted Solution

VPN configuration change: moving outgoing interface from serial 1/0 to ethernet 0/1

I have an SSG 140 in my office with a collection of route-based VPN tunnels.

All of these tunnels use the add-on T1 card (serial 1/0) as outgoing interface.

 

We are planning on moving this SSG 140 to our ISP datacenter in order.

The SSG will maintain the same public IP pool, but instead of using the T1 card, we will be using one of the ethernet interfaces.

 

Is there an easy way (CLI ?) to modify the SSG configuration to use ethernet 0/1 (for ex.) instead or serial 1/0 as the outgoing interface for all configured VPN gateways?

 

Thanks.

Distinguished Expert
spuluka
Posts: 2,763
Registered: ‎03-30-2009
0

Re: VPN configuration change: moving outgoing interface from serial 1/0 to ethernet 0/1

I think the easiest method would be to download the configuration file and do a search and replace for the outgoing interface in the gateway.

 

The configuration can be downloaded under:

Configureat--Update--Config File

 

This is also where you will apply the revised configuration with the replace option.

 

The Gateway command statement sample is like this:

 

set ike gateway "GatewayRemote1" address remote1.site.com Main outgoing-interface "ethernet0/1" preshare "K8cYqf+6NFYhCoHjw2J8nulQvn5Q==" sec-level standard

 

You would use search and replace a unique pattern from say outgoing-interface through preshare

 

outgoing-interface "serial1/0" preshare

to

outgoing-interface "ethernet0/1" preshare

 

Double check the matching pattern with your file.  Then confirm the file looks good by using the compare file function in your word processor.  This will highlight all the differences so you can see that only these commands changed.

 

Then upload it when you move the firewall with the replace option.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Visitor
arenault
Posts: 8
Registered: ‎07-13-2010
0

Re: VPN configuration change: moving outgoing interface from serial 1/0 to ethernet 0/1

Yes, that's what I figured would be the simplest.

Thanks for the reply...

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.