We're in the process of dropping in a new SRX240 to replace an aging Netscreen 25 device and replacing 2 bonded T1s with a new Ethernet circuit. While there will likely be some changes to the config in the near future, we're looking to fire up the SRX and put it in place with minimal interruption. We'll save the cleanup for later. I'm struggling to wrap my head around the basics here...
Our NS25 is currently fed by 2 bonded T1s routed through a Cisco router and the Cisco is attached to the Untrusted interface of the NS25. We're also making use of the DMZ on the NS25 and have a few servers on a switch there. The DMZ is exposed to the public through the use of Mapped IPs on the NS25. We also have a few select machines on the private LAN that are exposed by Mapped IPs/Policies.
Service provider has given a /30 Service Provider IP and a /27 Customer LAN block.
What should a most basic interface config look like? Let's say the network interface device is connected to ge-0/0/15.
    ge-0/0/15 {
        description "WAN /30";
        unit 0 {
            description "WAN /30";
            family inet {
                address x.x.x.x/30;
            }
        }
    }
    routing-options {
        interface-routes {
            rib-group inet unicast-multicast-rib;
        }
        static {
            rib-group unicast-multicast-rib;
            route 0.0.0.0/0 {
                next-hop x.x.x.x;
                retain;
            }
        }
    }
Seems reasonable, right? Now, for some reason, this is where I start to brain fart...
What happens to the y.y.y.y/27 addresses? They're routed from the Service Provider to the SRX. I need a VLAN? Keep in mind that we don't have any actual switches or servers besides the Mapped IPs.

    interfaces {
        vlan {
            unit 1 {
                description "LAN /27 Block";
                family inet {
                    address y.y.y.y/27;
                }
            }
        }
    }
Am I on the right track here? What am I missing that will glue this together? And from what I've read, there isn't any easy template in the Web UI for creating those Mapped IPs? It's all done in the CLI using NAT? If so, can I get an example?
Any words of wisdom will be appreciated.
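
An added example, not part of the original post: static NAT is the Junos counterpart of a ScreenOS Mapped IP, shown here for one DMZ server with a policy that permits only HTTPS. The zone names `untrust` and `dmz`, the rule and address names, the global address book (which depends on the Junos release) and both addresses are assumptions; 203.0.113.35 stands in for one address from the routed y.y.y.y/27.

```junos
/* Added example: static NAT as the SRX counterpart of a ScreenOS Mapped IP.
   Constructed values: 203.0.113.35 stands in for one address from the
   routed y.y.y.y/27; 192.168.10.5 is a hypothetical DMZ web server. */
security {
    nat {
        static {
            rule-set mip-from-untrust {
                /* Zone name "untrust" is assumed; ge-0/0/15.0 must be in it */
                from zone untrust;
                rule dmz-web {
                    match {
                        destination-address 203.0.113.35/32;
                    }
                    then {
                        static-nat {
                            prefix 192.168.10.5/32;
                        }
                    }
                }
            }
        }
    }
    address-book {
        global {
            address dmz-web-real 192.168.10.5/32;
        }
    }
    policies {
        from-zone untrust to-zone dmz {
            policy allow-https-to-dmz-web {
                match {
                    source-address any;
                    /* Policy lookup sees the translated (real) address */
                    destination-address dmz-web-real;
                    application junos-https;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

When the provider routes the /27 to the SRX's address on the /30, traffic for the mapped addresses already arrives at the SRX, so static NAT can translate it without the /27 being configured on any interface. Proxy ARP is only needed when a NAT address sits in the same subnet as the ingress interface.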