Ethernet Switching

configuring access list on juniper 4600ex

08-15-2018 10:20 PM

We have a Cisco 3750 in production that needs to be replaced with a Juniper 4600ex;

I'm confused with the access list part. Please help me:

Extended IP access list VERIZON
    10 deny tcp 172.27.31.0 0.0.0.255 172.27.0.0 0.0.255.255 eq 3389 (15 matches)
    20 permit tcp 172.27.31.0 0.0.0.255 any eq 1985
    30 permit udp 172.27.31.0 0.0.0.255 any eq 1985
    40 permit udp any eq bootpc any eq bootps
    50 permit ip 172.27.31.0 0.0.0.255 host 172.27.10.11
    51 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.69
    52 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.97
    150 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.119
    160 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.85
    161 permit ip 172.27.31.0 0.0.0.63 host 172.27.67.104
    162 permit ip 172.27.31.0 0.0.0.63 host 172.27.67.53
    163 permit ip 172.27.31.0 0.0.0.63 host 172.27.67.110
    164 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.59
    180 permit ip 172.27.31.0 0.0.0.255 host 166.68.85.77
    200 permit ip 172.27.31.0 0.0.0.255 172.27.31.0 0.0.0.255
    210 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.21
    220 permit tcp 172.27.31.0 0.0.0.255 host 172.27.67.95
    230 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.32
    240 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.33
    250 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.45
    260 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.58

interface Vlan150
 ip access-group VERIZON in

These are Cisco access lists; I need to convert all of them for Juniper.

Will you please help me...

I'm confused about how to use the term parameter in this case.

Viru

Re: configuring access list on juniper 4600ex

08-15-2018 10:45 PM

Hi,

The term part of the firewall filter is an identifier, much like the sequence number of the Cisco ACL.

See the Juniper documentation about configuring your filter correctly.

Example:

  10 deny tcp 172.27.31.0 0.0.0.255 172.27.0.0 0.0.255.255 eq 3389 (15 matches)

set firewall family inet filter verizon term 10 from protocol tcp
set firewall family inet filter verizon term 10 from source-address 172.27.31.0/24
set firewall family inet filter verizon term 10 from destination-address 172.27.0.0/16
set firewall family inet filter verizon term 10 from destination-port 3389
set firewall family inet filter verizon term 10 then discard

Tim
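The same mapping can be applied to every line of the posted ACL mechanically. The script below is an added example, not code from this thread or from Juniper: it parses `show ip access-lists` output as pasted in the question, converts each Cisco wildcard mask to a prefix length, and emits one Junos term per Cisco sequence number under a filter named verizon (the name from the reply). The function names are my own, and mapping the bootpc/bootps keywords to 68/67 is an assumption made so the output does not depend on Junos port keyword names.

```python
import ipaddress
import re
# Port keywords used in the posted ACL, mapped to numbers (assumption: avoids relying on Junos keyword names).
PORT_NAMES = {"bootpc": "68", "bootps": "67"}

def wildcard_to_prefix(net, wildcard):
    """Cisco network/wildcard pair (172.27.31.0 0.0.0.255) -> CIDR (172.27.31.0/24)."""
    host_bits = int(ipaddress.IPv4Address(wildcard))
    if host_bits & (host_bits + 1):  # wildcard must be a contiguous run of low-order ones
        raise ValueError(f"non-contiguous wildcard mask {wildcard}")
    return str(ipaddress.IPv4Network((net, 32 - host_bits.bit_length()), strict=False))

def _take_address(tokens):
    """Consume one address spec (any | host X | net wildcard); None means 'any'."""
    head = tokens.pop(0)
    if head == "any":
        return None
    if head == "host":
        return tokens.pop(0) + "/32"
    return wildcard_to_prefix(head, tokens.pop(0))

def _take_port(tokens):
    """Consume an optional 'eq <port>' qualifier that follows an address spec."""
    if tokens and tokens[0] == "eq":
        port = tokens[1]
        del tokens[:2]
        return PORT_NAMES.get(port, port)
    return None

def ace_to_junos(line, filter_name):
    """Translate one extended ACE into 'set firewall family inet filter ...' commands."""
    seq, action, proto, *rest = re.sub(r"\(\d+ matches\)", "", line).split()  # drop hit counters
    src, sport = _take_address(rest), _take_port(rest)
    dst, dport = _take_address(rest), _take_port(rest)
    base = f"set firewall family inet filter {filter_name} term {seq}"
    clauses = [("protocol", None if proto == "ip" else proto),  # 'ip' = any protocol, no clause
               ("source-address", src), ("source-port", sport),
               ("destination-address", dst), ("destination-port", dport)]
    cmds = [f"{base} from {key} {val}" for key, val in clauses if val]
    cmds.append(f"{base} then {'accept' if action == 'permit' else 'discard'}")
    return cmds

def acl_to_junos(acl_text, filter_name):
    """Translate every numbered ACE of 'show ip access-lists' output, keeping sequence order."""
    aces = [ln for ln in acl_text.splitlines() if ln.split() and ln.split()[0].isdigit()]
    return [cmd for ace in aces for cmd in ace_to_junos(ace, filter_name)]

if __name__ == "__main__":  # sample input: the first ACE from the question, as a smoke test
    print("\n".join(ace_to_junos("10 deny tcp 172.27.31.0 0.0.0.255 172.27.0.0 0.0.255.255 eq 3389 (15 matches)", "verizon")))
```

No trailing deny-all term is generated because a Junos filter, like a Cisco ACL, discards traffic that no term accepts. Attaching the filter to the VLAN interface is a separate step whose interface naming depends on the platform and is not covered here.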