Setting up NetScreen 25 =Firewall and VPN
| exo_wa 2003-02-17, 5:23 pm |
| Hi,
I am quite new to networking. I am filling in for someone in IT support for a company. I am given the task of setting up a NetScreen 25 as firewall and VPN access.
There are four interfaces in the NS-25. To start with, it's decided that interface 1 will be used for all the private IPs starting with 192.168.1.X and interface 3 will be used for the external IP with 207.10.14.50
Question is:
1) How do I configure this such that clients coming from interface 1 (private IPs) will be able to access the Internet?
2) Once I set this up, how do I set up VPN access from outside?
3) Do I need to install NetScreen VPN client software in order to get this working?
I am sorry these are very basic, newbie kind of questions to most of you. I am new. I am reading up on these things. But any help at all on this would be much appreciated.
Thank you for all your help.
Exo
 | |
| Zambuka 2003-02-17, 5:51 pm |
| Hi,
I manage a NetScreen 25. Unfortunately nobody from my work could help me when I was configuring this device, but I called the NS support team and they were just fabulous. You need to know the device # and I hope that you paid for support.
Read about transparent mode and routed mode (transparent mode is easy to manage). If your company is using DHCP you should register the Vlan1 MAC address on the DHCP server and make it static. Also keep in mind that in order to manage the device you have to be on the same trusted network, or you can always connect to the device by terminal session (NS25 comes with the cable to plug in to your COM port).
First make it work by configuring the trusted interface for VLAN1 (if you are afraid to mess up, just attach it to one of your computers). Create some rules for incoming and outgoing traffic. Go to the web interface and just look around to get used to it. It just sounds difficult but I am sure you can do it. Create the VPN only when you are able to manage Vlan1 and Vlan3. If you need some info go to the NS web site.
Good luck.
P.S. CHANGE THE PASSWORD BECAUSE NETSCREEN COMES WITH STANDARD PASSWORD AND USER NAME (NETSCREEN) | |
| exo_wa 2003-02-17, 6:14 pm |
| Wow, Zambuka:
I really am thankful for your response to my posting. I am sure your tips will be helpful. I am completely new to this. And because of that, I am somewhat intimidated by it but I guess I have to break the sweats.
Regarding tech support, unfortunately, my company did not buy it. In fact, that was the first thing I asked. I will take the tips and see what I can come up with....
Another question I have is:
Pinhole---Supposedly, when you press the pinhole, it should reset all the info back to default. Well, this did not work for me.
I pressed the pinhole using a straightened paper clip but all of the old configs are still there.
What happened?
Thanks again, Zambuka.
-Exo | |
| Zambuka 2003-02-18, 8:48 am |
| If you don’t have documentation, let me know and I can send it to you. About the pinhole, I can tell you that it did not work for me either. What you should do is make a terminal connection to the NS and type UNSET .
To make a connection to the NS, use a VT100 terminal emulator (HyperTerminal in Windows). Connect the RJ-45 serial cable between the console port on the NS device and the serial port on your PC. Also, before I started to work on the NS-25 I got a book (Firewalls for Dummies) and it helped me a lot. | |
| exo_wa 2003-02-18, 11:48 am |
| I downloaded the .pdf file for the NS-25. Will be reading up on it.
Book: Firewalls for Dummies...I will check up on that.
Pinhole: Now I feel better knowing I am not the only one. Being so new to this, when things don't work out, I feel it's my fault.
UNSET: Unset would be the main command. What options do I use to reset everything back to factory default?
Documentation: I would not mind if you send me the doc. I have a different from what you have. I would appreciate it VERY much.
Thanks again, Zambuka.
-Exo | |
| Spides 2003-02-19, 3:39 pm |
| Exo_wa don't feel bad, I'm an MCSA and CCNA and I wouldn't know where to start so good luck!! | |
| mawwoods 2003-02-20, 5:50 pm |
| Saw this question on the CCDA forum, and would recommend having a look at the manufacturer's web site as a first stop if you are not sure.
Some of them are a bit poor, but you can usually pick up something.
The NetScreen website, for what it's worth, is excellent. Comprehensive PDF with diagrams on how to set up individual models, and a good guide to VPNs.
(and no....I'm not on commission or doing a sales job.......)
Would say one thing though, decent product support makes life a hell of a lot easier!! |