Search results for query: *

Eddy this is a little complicated to achieve and depends exactly how you want your users to log in. If you mean that you wish your users to do a domain login over a vpn tunnel, then this is achievable but not entirely straightforward. If you mean that you wish to authenticate your users and...

Hey gmen, if you are running in nat mode, you will need to create a mip for the traffic to be able to reach its destination. so if you have 3 live ip addresses that should correspond to 3 servers with internal ip addresses thenyou need to do the following. live ip range 1.1.1.1 - 1.1.1.3...

You did the following right ? ns25-> unset all Erase all system config, are you sure y/[n] ? y ns25-> reset Configuration modified, save? [y]/n n System reset, are you sure? y/[n] y In reset ... If you hit Y for config modified, save ? it will retain the config running in memory, and write...

No worries Oh, have fun with the box ;) Regards Njetscreamer

Tsaunat, there may be something odd going on somewhere then, to be honest if this is a netscreen to netscreen tunnel, it may be easier to alter the config to be a route based tunnel and set you policies to permit instead of tunnel. This will still encrypt and tunnel the traffic but remove the...

Tsaunat, what version of code are you currently running , is it 5.2.0rx or earlier ? Also another thing that may be of note is how the vpn is configured (is it policy or route based as policy ordering becomes very important when it is policy based). The other thing that would be of interest...

Oh, sorry my mistake, you need to be in trust untrust mode first so you need to 5gt> exec port trust-untrust allow it to reboot and follow the last post. Kind regards Njetscreamer

Tony, what do you mean by NAT timeout ? do you mean session timeout (the netscreen is statefull and remembers the sessions running through the box) Kind regards Njetscreamer

The answer is a little along the lines of how long is a piece of string. From the start, have you 1) configured a service at both ends of the tunnel 2) setup a policy on both sides permitting this new service through. What kind of tunnel is this , route based or policy based, if policy based...

If this is an out of the box Screen then do the following, as the boxes are hierarchical. Hence as you have 192.168.1.1/24 as the default ip address on e1, e1 is bound to zone trust, you must first remove the ip before you can alter zone. NS5GT>unset int e1 ip NS5GT>set int e1 zone v1-trust...

Sorry Dave, url is http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=ibm&lndocid=MIGR-49213 Kind regards Njetscreamer

dmgoss, the difference in the drive trays is that you will notice on a u320 tray there is a longer 'tab' on the right hand side of the tray as you look at it front on, as well as there being a sca-2 extension on the rear of the u160 tray. The reason for this is to allow for backward...

David, seems it has allready been released. Run a search on document id MIGR-49213 at www.pc.ibm.com/support Use the top search field in the 'black ' bar at the top of the page. Kind regards Njetscreamer

Ghasset, a mip requires you to have an external ip address hosted on your 5xp, which can be the 'untrust' ip address. This you then map to an internal address e.g. 192.168.1.200. whenever you initiate traffic from the .200 address it will traverse the unit and pop out of the netscreen sporting...

Shrubble, I though NetScreens did NAPT (shown as NAT). If this is the case then I can see that the source port of the traffic would be altered so that the session table can be populated. However there used to be a fix port option available, have you tried this ? Kind regards Njetscreamer

Morpth, you can indeed port forward. On a NetScreen this would require setting a VIP, which forwards inbound traffic to an internal ip address based on port. e.g. if you have a vip configured on 1.1.1.1 then you could designate that port 80 goes to 192.168.1.10, 25 to 192.168.1.11, 110 to...

Sure, if we assume you have a router doing NAT to get you onto the internet. And this router had say the ip of 192.168.2.1 255.255.255.0 and your internal subnet (trust side of the netscreen) was 192.168.0.1 255.255.255.0 then the config would be as follows. NS>set int trust ip 192.168.0.1/24...

to change from transparent mode to nat mode, hop on to the cli. NS>unset int v1-trust zone NS>unset int v1-untrust zone NS>set int trust zone trust NS>set int untrust zone untrust NS>set int trust ip a.b.c.d W.X.Y.Z NS>set int untrust ip e.f.g.h s.t.u.v NS>set route 0.0.0.0/0 int untrust gate...

O.k. so have a background in firewalls and I figured I ought to do a little more work in other areas get a better understanding of routing and switching. I got a little 2600 and a 1600 just to use for labs at home and have tried with no success to get the 2 talking to each other. The are...

Weijinu, I don't have the exact data to hand but there is a difference in the amount of sessions it will handle, the amound of SA's it can have (tunnels) and the 25 is a more flexible device than the 5gt in as far as its more configurable from a zone point of view. Both devices can be...