Hi,
I have a PIX 525 in my running network which is not running smoothly due to some hardware fault, and it is replaced by an SRX220. I am completely new to Juniper products, so can anyone help me with how to configure the SRX220? I am sending the configuration of the Cisco PIX and the network diagram.
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface gb-ethernet0 1000auto shutdown
interface gb-ethernet1 1000auto shutdown
interface ethernet2 100full
interface ethernet3 100full
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif gb-ethernet0 inside1 security99
nameif gb-ethernet1 inside2 security90
nameif ethernet2 intf4 security8
nameif ethernet3 radio-phy security10
nameif ethernet4 intf6 security12
nameif ethernet5 intf7 security14
enable password ################# encrypted
passwd ################ encrypted
hostname cupix
domain-name cupix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_out permit icmp any any
access-list acl_out permit udp any any eq domain
access-list acl_out permit ip any any
access-list acl_out permit tcp any any
access-list acl_in permit icmp any any
access-list acl_in permit udp any any eq domain
access-list acl_in permit tcp any any
access-list RADIO-PHY permit ip host 10.0.3.2 any
access-list RADIO-PHY permit ip host 10.0.3.3 any
access-list RADIO-PHY permit tcp 10.0.3.0 255.255.255.0 any
access-list RJABZR_CASH permit ip host 10.0.2.2 any
access-list RJABZR_CASH permit ip host 10.0.2.3 any
access-list RJABZR_CASH permit ip host 10.0.2.4 any
access-list RJABZR_CASH permit ip host 10.0.2.5 any
access-list RJABZR_CASH permit ip host 10.0.2.6 any
access-list RJABZR_CASH permit ip host 10.0.2.10 any
access-list RJABZR_CASH permit ip host 10.0.2.11 any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu inside1 1500
mtu inside2 1500
mtu intf4 1500
mtu radio-phy 1500
mtu intf6 1500
mtu intf7 1500
ip address outside 172.20.1.2 255.255.255.0
ip address inside 172.16.0.250 255.255.255.248
no ip address inside1
no ip address inside2
no ip address intf4
ip address radio-phy 192.110.1.1 255.255.255.0
no ip address intf6
no ip address intf7
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address inside1
no failover ip address inside2
no failover ip address intf4
no failover ip address radio-phy
no failover ip address intf6
no failover ip address intf7
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list RJABZR_CASH
nat (inside) 1 10.3.64.74 255.255.255.255 0 0
nat (inside) 1 172.16.1.11 255.255.255.255 0
nat (inside) 1 172.16.110.2 255.255.255.255 0 0
nat (inside) 1 172.16.0.248 255.255.255.248 0 0
nat (inside) 1 172.16.11.248 255.255.255.248 0 0
nat (inside) 1 10.0.2.0 255.255.255.0 0 0
nat (inside) 1 172.10.1.0 255.255.255.0 0 0
nat (inside) 1 172.16.11.0 255.255.255.0 0 0
nat (inside) 1 172.16.100.0 255.255.255.0 0 0
nat (inside) 1 192.110.1.0 255.255.255.0 0 0
nat (inside) 1 192.168.50.0 255.255.255.0 0 0
nat (inside) 1 172.16.0.0 255.255.0.0 0 0
access-group acl_out in interface outside
access-group acl_in i
route outside 0.0.0.0 0.0.0.0 172.20.1.1 1
route inside 10.0.2.0 255.255.255.0 172.16.0.249 1
route inside 10.0.3.0 255.255.255.0 172.16.0.249 1
route inside 10.3.64.0 255.255.224.0 172.16.0.249 1
route inside 172.10.0.0 255.255.0.0 172.16.0.249 1
route inside 172.10.1.0 255.255.255.0 172.16.0.249 1
route inside 172.16.0.0 255.255.0.0 172.16.0.249 1
route inside 192.168.50.0 255.255.255.0 172.16.0.249 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 172.16.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
Thanks,
Anand Chourasia
anand.chourasia9@gmail.com