INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

simple cisco to junos config conversion

simple cisco to junos config conversion

(OP)
Hello,
I have a Cisco 2800 router config and i need to convert it to junos
Thanks to check what i have done and inform me if it is correct
If you can also configure auto-failover for LAN traffic (By default use M1. But if M1 is down, use PacNet for outgoing) and VPN (external clients from outside network can use VPN to join the LAN and access LAN resources and internet connection)
Cisco Config
========================

policy-map NGNBN

class class-default

set cos 1

!

!

!

!

!

!

!

!

!



!!

interface GigabitEthernet0/0

mac-address acf2.c52d.382e

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.20

description PacNet

encapsulation dot1Q 20

ip address 123.45.54.198 255.255.255.252

ip nat outside

ip virtual-reassembly in

!

interface GigabitEthernet0/0.30

description LAN

encapsulation dot1Q 30

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip policy route-map PBR_LAN

!

interface GigabitEthernet0/0.40

description ServerFarm



encapsulation dot1Q 40 ip address 123.45.149.1 255.255.255.224

ip policy route-map PBR_ServerFarm

!

interface GigabitEthernet0/0.1103

description M1

encapsulation dot1Q 1103

ip address dhcp

ip nat outside

ip virtual-reassembly in

no cdp enable

service-policy output NGNBN

!


ip forward-protocol nd

no ip http server

no ip http secure-server

!



ip nat pool LAN-to-PacNet 123.45.149.0 123.45.149.0 netmask 255.255.255.224

ip nat inside source route-map NAT_M1 interface GigabitEthernet0/0.1103 overload

ip nat inside source route-map NAT_PacNet pool LAN-to-PacNet overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.1103

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.20 10

!

ip access-list extended LAN

permit ip 192.168.0.0 0.0.0.255 any

deny ip any any

ip access-list extended PacNetServices

deny ip any 123.45.149.0 0.0.0.31

deny ip any any

ip access-list extended ServerFarm-to-WAN

deny ip 123.45.149.0 0.0.0.31 192.168.0.0 0.0.0.255

permit ip any any

!

logging esm config

!

!

!

!

route-map PBR_ServerFarm permit 10



match ip address ServerFarm-to-WAN set ip next-hop 123.45.54.197

set interface GigabitEthernet0/0.20

!

route-map NAT_PacNet permit 10

match ip address LAN

match interface GigabitEthernet0/0.20

!

route-map PBR_LAN permit 10

match ip address PacNetServices

set interface GigabitEthernet0/0.20 GigabitEthernet0/0.1103

!

route-map NAT_M1 permit 10

match ip address LAN

match interface GigabitEthernet0/0.1103

!
=======================

Juniper
=================


interfaces {
/* Created from IOS Interface: gigabitethernet0/0 */
ge-0/0/0 {
hold-time up 0 down 2000;
mac acf2.c52d.382e;
vlan-tagging;
unit 0 {
proxy-arp;
}
unit 20 {
description "PacNet";
proxy-arp;
vlan-id 20;
family inet {
address 123.45.54.198/30;
}
}
unit 30 {
description "LAN";
proxy-arp;
vlan-id 30;
family inet {
address 192.168.0.1/24;
filter {
input pbr_lan-filter;
}
}
}
unit 40 {
description "ServerFarm";
proxy-arp;
family inet {
filter {
input pbr_serverfarm-filter;
}
}
}
unit 1103 {
description "M1";
proxy-arp;
vlan-id 1103;
}
}
}
routing-options {
rib-groups {
pbr_lan-group {
import-rib [ inet.0 PBR_ServerFarm-10.inet.0 NAT_PacNet-10.inet.0 PBR_LAN-10.inet.0 NAT_M1-10.inet.0 ];
}
pbr_serverfarm-group {
import-rib [ inet.0 PBR_ServerFarm-10.inet.0 NAT_PacNet-10.inet.0 PBR_LAN-10.inet.0 NAT_M1-10.inet.0 ];
}
}
interface-routes {
rib-group inet pbr_lan-group;
}
}
routing-instances {
PBR_ServerFarm-10 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop ge-0/0/0.20;
}
}
}
NAT_PacNet-10 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0;
}
}
}
PBR_LAN-10 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0;
}
}
}
NAT_M1-10 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0;
}
}
}
}
policy-options {
policy-statement al-LAN {
/* permit ip 192.168.0.0 0.0.0.255 any */
term term-1 {
from route-filter 192.168.0.0/24 orlonger;
then accept;
}
/* deny ip any any */
term term-2 {
from route-filter 0.0.0.0/0 orlonger;
then reject;
}
term ios-implicit-deny {
then reject;
}
}
policy-statement rm-NAT_M1 {
term term-1 {
from {
interface ge-0/0/0.1103;
policy al-LAN;
}
then accept;
}
term ios-implicit-deny {
then reject;
}
}
policy-statement rm-NAT_PacNet {
term term-1 {
from {
interface ge-0/0/0.20;
policy al-LAN;
}
then accept;
}
term ios-implicit-deny {
then reject;
}
}
policy-statement rm-PBR_LAN {
term ios-implicit-deny {
then reject;
}
}
}
firewall {
family {
inet {
filter pbr_lan-filter {
/* deny ip any 123.45.149.0 0.0.0.31
deny ip any any */
term T1 {
from {
destination-address {
123.45.149.0/27;
}
}
then {
accept;
}
}
term default {
then {
accept;
}
}
}
filter pbr_serverfarm-filter {
/* deny ip 123.45.149.0 0.0.0.31 192.168.0.0 0.0.0.255 */
term T1 {
from {
source-address {
123.45.149.0/27;
}
destination-address {
192.168.0.0/24;
}
}
then {
accept;
}
}
/* permit ip any any */
term T2 {
then {
routing-instance PBR_ServerFarm-10;
}
}
term default {
then {
accept;
}
}
}
}
}
}
====================

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close