Refer to the ScreenOS 5.4 Concepts and Examples Guide, Volume 12: WAN, ADSL, Dial, and Wireless, for more information regarding WAN and PPP/Frame Relay options. DNS IP and also possibly domain name Below is an example of common information provided by a Telco/ISP for a T1 with PPP encapsulation, PAP authentication and static IP address for the serial interface. 3Ĥ LAN or publicly routable IP address/subnet mask and default gateway If PPP, User name/password and auth type (may be optional) If Frame Relay, DLCI, LMI and other FR options. These include but may not be limited to: WAN interface physical settings (T1, E1, Serial or DS3 options) Data link encapsulation settings (PPP, Frame Relay, Cisco HDLC) WAN address and subnet mask (Static IP or unnumbered) Copyright 2006, Juniper Networks, Inc. ![]() ![]() ![]() The information provided may vary amongst various providers, but there are several basic things which are required to properly configure the SSG to access the Internet. Telco/ISP Provided Information Your Telco/ISP will provide the necessary information to configure the SSG. The product list includes the following: SSG5/SSG20 SSG140 SSG520/SSG550 SSG520M/SSG550M Note, although the configuration example uses ScreenOS but also applies to branch for the SSG520/550. Refer to the ScreenOS 5.4 Concepts and Examples Guide, Volume 12: WAN, ADSL, Dial, and Wireless, for more information about ADSL or dialup modem applications. However this does not include ADSL or dialup modem connections. Included Platforms and ScreenOS This document applies to any ScreenOS-based platform that supports WAN interfaces. More information regarding these topics are available in our Concepts and Examples Reference Guides. Nor will this document cover extensive details about VPNs, MIPs or policies. This document is not intended to show all possible configuration examples. And finally this document includes an example of how to configure a VPN using the public IP of the SSG as the peer endpoint. This document also includes a typical MIP scenario using one of the available public IPs mapped to a private IP on the Trust zone. This example also assumes that you are given a WAN IP and also a public IP subnet range. In this example we are utilizing a T1 for Telco connectivity and PPP for the data link encapsulation. This document gives a typical deployment example for the SSG with a WAN interface. The SSG Series combines the two into one platform with the same functionality and security as the rest of the NetScreen Family of firewall/vpn products. Prior to the introduction of the SSG Series, these sites would normally employ an Ethernet-based NetScreen Firewall and a separate WAN routing device for connectivity to the Telco or ISP. ![]() 1 Application Note Configuring Serial Interface WAN and LAN for SSG Firewall/VPN Products Version 1.0 Richard Kim Advanced JTAC Tier 3 Customer Support Engineer Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA or 888 JUNIPERĢ Contents Contents.2 Introduction.3 Included Platforms and ScreenOS.3 Telco/ISP Provided Information.3 Use of the Loopback Interface.4 Network Topology.5 Configuration Example.5 Private IP Configuration.5 Serial Interface and PPP Configuration.5 Loopback Interface and DNS Configuration.6 Route-Based VPN Configuration.7 MIP on Loopback Configuration.8 Policy Configuration.8 Verifying Configuration.9 Debug Commands Copyright 2006, Juniper Networks, Inc.ģ Introduction The Juniper Networks Secure Services Gateway Series (SSG) represents a new class of purpose-built security appliance that delivers a mix of high performance, security and LAN/WAN connectivity for regional and branch office deployments.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |