Re: To Alan Strassberg - Routing On Netscreen 5XP
From: Alan Strassberg (paleale_at_bolt.sonic.net)
Date: 08/07/05
- Next message: Alan Strassberg: "Re: firewall in internal network"
- Previous message: Jeff Liebermann: "Re: VOIP over Wi-Fi subject to eavesdropping?"
- In reply to: Ben: "To Alan Strassberg - Routing On Netscreen 5XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 7 Aug 2005 13:00:02 -0500
In article <dcq7j4$lev$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
Ben <bjblackmore@xyz.hotmail.com> wrote:
>Hi Alan,
>
>Dunno if you remember, but last week I posted a topic on routing through a
>Netscreen 5XP, to which you replied.
>I tried your solution, and could ping through the 5XP, managed to ping the
>gateway (192.168.0.1) and open the gateway http management page. However I
>couldn't get traffic to go any further than this. But if you plug into the
>network on the other side, not going through the netscreen, then I could go
>out through the gateway!
>
>Any ideas why I can't reach the internet when behind the netscreen?
Email to you bounced. Email your config to me. I said...
Is the 192.168.254.1 a typo ? You said the gateway was
192.168.0.1
I said ...
set interface trust ip 192.168.0.2/24
set interface untrust ip 10.0.0.1/24
set route 0.0.0.0/0 interface trust gateway 192.168.0.1
set policy id 7 from "Untrust" to "Trust" "10.0.0.10" "192.168.0.1/32"
"ANY" nat src permit log
No, the policy ID doesn't matter.
If 192.168.0.1 is the gateway the route needs to go there.
alan alanstrassberg @ yahoo.com
- Next message: Alan Strassberg: "Re: firewall in internal network"
- Previous message: Jeff Liebermann: "Re: VOIP over Wi-Fi subject to eavesdropping?"
- In reply to: Ben: "To Alan Strassberg - Routing On Netscreen 5XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
