Eddy, this is a little complicated to achieve and depends on exactly how you want your users to log in.
If you mean that you wish your users to do a domain login over a vpn tunnel, then this is achievable but not entirely straightforward.
If you mean that you wish to authenticate your users and...
Hey gmen,
if you are running in nat mode, you will need to create a mip for the traffic to be able to reach its destination.
so if you have 3 live ip addresses that should correspond to 3 servers with internal ip addresses then you need to do the following.
live ip range 1.1.1.1 - 1.1.1.3...
You did the following, right?
ns25-> unset all
Erase all system config, are you sure y/[n] ? y
ns25-> reset
Configuration modified, save? [y]/n n
System reset, are you sure? y/[n] y
In reset ...
If you hit Y for config modified, save ? it will retain the config running in memory, and write...
Tsaunat,
there may be something odd going on somewhere then. To be honest, if this is a netscreen to netscreen tunnel, it may be easier to alter the config to be a route based tunnel and set your policies to permit instead of tunnel. This will still encrypt and tunnel the traffic but remove the...
Tsaunat,
what version of code are you currently running, is it 5.2.0rx or earlier? Also another thing that may be of note is how the vpn is configured (is it policy or route based, as policy ordering becomes very important when it is policy based).
The other thing that would be of interest...
Oh,
sorry my mistake,
you need to be in trust untrust mode first so you need to
5gt> exec port trust-untrust
allow it to reboot and follow the last post.
Kind regards
Njetscreamer
Tony,
what do you mean by NAT timeout?
do you mean session timeout (the netscreen is stateful and remembers the sessions running through the box)
Kind regards
Njetscreamer
The answer is a little along the lines of how long is a piece of string.
From the start, have you
1) configured a service at both ends of the tunnel
2) setup a policy on both sides permitting this new service through.
What kind of tunnel is this, route based or policy based, if policy based...
If this is an out of the box Screen then do the following, as the boxes are hierarchical. Hence as you have 192.168.1.1/24 as the default ip address on e1, e1 is bound to zone trust, you must first remove the ip before you can alter zone.
NS5GT>unset int e1 ip
NS5GT>set int e1 zone v1-trust...
dmgoss,
the difference in the drive trays is that you will notice on a u320 tray there is a longer 'tab' on the right hand side of the tray as you look at it front on, as well as there being a sca-2 extension on the rear of the u160 tray.
The reason for this is to allow for backward...
David,
seems it has already been released.
Run a search on document id MIGR-49213 at
www.pc.ibm.com/support. Use the top search field in the 'black' bar at the top of the page.
Kind regards
Njetscreamer
Ghasset,
a mip requires you to have an external ip address hosted on your 5xp, which can be the 'untrust' ip address.
This you then map to an internal address e.g. 192.168.1.200.
whenever you initiate traffic from the .200 address it will traverse the unit and pop out of the netscreen sporting...
Shrubble,
I thought NetScreens did NAPT (shown as NAT). If this is the case then I can see that the source port of the traffic would be altered so that the session table can be populated.
However there used to be a fix port option available, have you tried this?
Kind regards
Njetscreamer