Hi, I have just replaced a working but old SOHO router with a new 5GT (ScreenOS 5.0),
and I am having trouble connecting to the internet.
The new 5GT was configured using the setup wizard, and everything was kept at its defaults. The trust interface uses NAT, and its IP is 192.168.1.1/24. The trust interface acts as DHCP server for the PCs on the trust side.
The untrust port is supposed to receive its IP via DHCP and
acts as a DHCP client.
The trust and untrust ports are both in trust-vr, and
there is a default routing.
The policies are untouched; by default everything from trust to untrust is open.
The old SOHO router received its dynamic IP address
and also the DNS server IP from the ISP, and
was able to distribute 192.68.1 network addresses
and the DNS server address to the PCs in the trust network.
It was working fine.
But with the 5GT it does not.
Connections within the trust network are OK.
The PCs get their IP addresses from the 5GT without problems
(but not the DNS server address),
so DNS resolution then fails.
If I set the DNS server address manually,
they are able to resolve web names but
still can't load web pages.
5GT reports:
DHCP client is unable to get IP address for interface untrust
Does anybody have an idea what I am missing?
This is the output of "get config":
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "trust-vr" auto-route-export
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 192.168.1.1/24
set interface trust nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface trust dhcp server service
set interface trust dhcp server auto
set interface trust dhcp server option lease 7200
set interface trust dhcp server option gateway 192.168.1.1
set interface trust dhcp server option netmask 255.255.255.0
set interface trust dhcp server ip 192.168.1.50 to 192.168.1.100
set interface untrust dhcp-client enable
set flow tcp-mss
set hostname ns5gt
set ike respond-bad-spi 1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set ssh version v2
set config lock timeout 5
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set preference ebgp 250
set preference ibgp 40
unset add-default-route
exit
and I am having trouble connecting to the internet.
The new 5GT was configured using the setup wizard, and everything was kept at its defaults. The trust interface uses NAT, and its IP is 192.168.1.1/24. The trust interface acts as DHCP server for the PCs on the trust side.
The untrust port is supposed to receive its IP via DHCP and
acts as a DHCP client.
The trust and untrust ports are both in trust-vr, and
there is a default routing.
The policies are untouched; by default everything from trust to untrust is open.
The old SOHO router received its dynamic IP address
and also the DNS server IP from the ISP, and
was able to distribute 192.68.1 network addresses
and the DNS server address to the PCs in the trust network.
It was working fine.
But with the 5GT it does not.
Connections within the trust network are OK.
The PCs get their IP addresses from the 5GT without problems
(but not the DNS server address),
so DNS resolution then fails.
If I set the DNS server address manually,
they are able to resolve web names but
still can't load web pages.
5GT reports:
DHCP client is unable to get IP address for interface untrust
Does anybody have an idea what I am missing?
This is the output of "get config":
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "trust-vr" auto-route-export
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 192.168.1.1/24
set interface trust nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface trust dhcp server service
set interface trust dhcp server auto
set interface trust dhcp server option lease 7200
set interface trust dhcp server option gateway 192.168.1.1
set interface trust dhcp server option netmask 255.255.255.0
set interface trust dhcp server ip 192.168.1.50 to 192.168.1.100
set interface untrust dhcp-client enable
set flow tcp-mss
set hostname ns5gt
set ike respond-bad-spi 1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set ssh version v2
set config lock timeout 5
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set preference ebgp 250
set preference ibgp 40
unset add-default-route
exit