Hi,
I'm trying setup two netscreen in tranparent mode, i send config in attach, but i can't ping from on PC with ip address 192.168.1.1/24 connected to netscreen A to another whit 192.168.1.2/24 connected do netscreen B.
In this command:
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 1.1.1.250
I don't have this gateway,but i am in same subnet so i don't need it ?
I want to foward 3 VLANS from one site to another, could some one help me please.
BR
Mc
I have configured:
Netscreen A
**********************************************
unset interface ethernet1 ip
unset interface ethernet1 zone
set interface ethernet1 zone v1-trust
set zone v1-trust manage web
set zone v1-trust manage telnet
set zone v1-trust manage ping32
unset interface ethernet3 ip
unset interface ethernet3 zone
set interface ethernet3 zone v1-untrust
set interface vlan1 ip 1.1.1.1/24
set interface vlan1 manage-ip 1.1.1.2
set interface vlan1 manage web
set interface vlan1 manage telnet
set interface vlan1 manage ping
set address v1-trust local_lan 1.1.1.0/24
set address v1-untrust peer_lan 2.2.2.0/24
set ike gateway gw1 address 2.2.2.2 main outgoing-interface v1-untrust preshare h1p8A24nG5 sec-level compatible
set vpn vpn1 gateway gw1 sec-level compatible
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 1.1.1.250
set policy top from v1-trust to v1-untrust local_lan peer_lan any tunnel vpn vpn1
set policy top from v1-untrust to v1-trust peer_lan local_lan any tunnel vpn vpn1
save
Netscreen B
**********************************************
unset interface ethernet1 ip
unset interface ethernet1 zone
set interface ethernet1 zone v1-trust
set zone v1-trust manage
unset interface ethernet3 ip
unset interface ethernet3 zone
set interface ethernet3 zone v1-untrust
set interface vlan1 ip 2.2.2.2/24
set interface vlan1 manage-ip 2.2.2.3
set interface vlan1 manage
set address v1-trust local_lan 2.2.2.0/24
set address v1-untrust peer_lan 1.1.1.0/24
set ike gateway gw1 address 1.1.1.1 main outgoing-interface v1-untrust preshare h1p8A24nG5 sec-level compatible
set vpn vpn1 gateway gw1 sec-level compatible
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 2.2.2.250
set policy top from v1-trust to v1-untrust local_lan peer_lan any tunnel vpn vpn1
set policy top from v1-untrust to v1-trust peer_lan local_lan any tunnel vpn vpn1
I'm trying setup two netscreen in tranparent mode, i send config in attach, but i can't ping from on PC with ip address 192.168.1.1/24 connected to netscreen A to another whit 192.168.1.2/24 connected do netscreen B.
In this command:
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 1.1.1.250
I don't have this gateway,but i am in same subnet so i don't need it ?
I want to foward 3 VLANS from one site to another, could some one help me please.
BR
Mc
I have configured:
Netscreen A
**********************************************
unset interface ethernet1 ip
unset interface ethernet1 zone
set interface ethernet1 zone v1-trust
set zone v1-trust manage web
set zone v1-trust manage telnet
set zone v1-trust manage ping32
unset interface ethernet3 ip
unset interface ethernet3 zone
set interface ethernet3 zone v1-untrust
set interface vlan1 ip 1.1.1.1/24
set interface vlan1 manage-ip 1.1.1.2
set interface vlan1 manage web
set interface vlan1 manage telnet
set interface vlan1 manage ping
set address v1-trust local_lan 1.1.1.0/24
set address v1-untrust peer_lan 2.2.2.0/24
set ike gateway gw1 address 2.2.2.2 main outgoing-interface v1-untrust preshare h1p8A24nG5 sec-level compatible
set vpn vpn1 gateway gw1 sec-level compatible
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 1.1.1.250
set policy top from v1-trust to v1-untrust local_lan peer_lan any tunnel vpn vpn1
set policy top from v1-untrust to v1-trust peer_lan local_lan any tunnel vpn vpn1
save
Netscreen B
**********************************************
unset interface ethernet1 ip
unset interface ethernet1 zone
set interface ethernet1 zone v1-trust
set zone v1-trust manage
unset interface ethernet3 ip
unset interface ethernet3 zone
set interface ethernet3 zone v1-untrust
set interface vlan1 ip 2.2.2.2/24
set interface vlan1 manage-ip 2.2.2.3
set interface vlan1 manage
set address v1-trust local_lan 2.2.2.0/24
set address v1-untrust peer_lan 1.1.1.0/24
set ike gateway gw1 address 1.1.1.1 main outgoing-interface v1-untrust preshare h1p8A24nG5 sec-level compatible
set vpn vpn1 gateway gw1 sec-level compatible
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 2.2.2.250
set policy top from v1-trust to v1-untrust local_lan peer_lan any tunnel vpn vpn1
set policy top from v1-untrust to v1-trust peer_lan local_lan any tunnel vpn vpn1