|
Home > Archive > CCDA/CCDP > February 2003 > Setting up NetScreen 25 =Firewall and VPN
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Setting up NetScreen 25 =Firewall and VPN
|
|
| exo_wa 2003-02-17, 5:25 pm |
| Hi,
I am quite new to Networking. I am filling in for somone in the IT support for a company. I am given the task of setting up a NetScreen 25 as firewall and VPN access.
There are four interfaces in NS-25. To start with, it's decided that interface 1 will be used for all the private IPs starting with 192.168.1.X and Interface 3 will be used external IP with 207.10.14.50
Question is:
1) How do i configure this such that clients coming from interface1 (private IPs) will be able to access the Internet?
2) Once i set this up, how do i set up VPN access from outside?
3) Do I need to install NetScreen VPN client software in order to get this working?
I am sorry this is very basic, new-bie kind of questions to most of you. I am new. I am reading up on these things. But any helps at all on this would be much appreciated.
Thank you for all your help.
Exo
 | |
| mawwoods 2003-02-18, 2:14 am |
| Just had a quick look on the web, and the netscreen website has a pdf for how to configure the netscreen 25.
http://www.netscreen.com/support/downloads/In_25.pdf
I have not had a chance to look though it yet, but will do tonight (UK time!) if no one else has by then.... | |
| mawwoods 2003-02-18, 1:56 pm |
| Ok, have had a look at a few more documents.
As regards your first question, you will need to use something called Network Address Translation (NAT). This will convert your private ip addresses to the public ip address so they can be sent out to the internet.
You will need to plug the network, an RJ45 crossover cable, from your internal network into the socket marked PORT 1 on the netscreen 25.
If that plugs into a hub or switch, if you plug a laptop or pc into that hub or switch, you will then be able to setup NAT and VPN policies on the netscreen 25 using internet explorer on the pc (just type 192.68.1.1 into the address bar).
I would advise not connecting Port 3 (which is the RJ45 connection to the internet) until you have set up your basic security settings.
As for setting up a VPN, you are going to have a fairly complicated task on your hands (sorry!). To type out full instructions even knowing your full requirements would take a long time. Have a look at the netscreen websites pdf on:
http://www.netscreen.com/support/downloads/CE_v4.pdf
The best thing to do is have a specific look at pages 70-74 and 76-90. This shows how to configure a VPN using the web based configuration facility above. You will need to set up tunnels, facilities to use VPN's with NAT etc etc etc.
If you are not confident to go through the steps there, I would advise you get someone in (either in-house or external).
Unless anyone else here thinks otherwise? I am definitely not the most comptent network person here!
Good luck! | |
| exo_wa 2003-02-18, 2:13 pm |
| Thank you so much for the reply.
I am sure all the tips will be helpful.
I am given different tasks, now I am working on installing Symantec Corporate Edition on a Server to which I am also new.
Thanks again.
-Exo |
|
|
|
|