Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 279

Copyright © 2010, Juniper Networks, Inc.
first two subinterfaces are for two private virtual systems operating in NAT mode, and
the third subinterface is for a public virtual system operating in Route mode. All virtual
systems share the untrust zone and its interface with the root system. The untrust zone
is in the untrust-vr routing domain. For vsys1 and vsys2, you use the default virtual router.
For vsys3, you choose the sharable root-level untrust-vr.
Add a NetScreen 5000 line of security device running ScreenOS 5.2 as the root system,
1.
and then configure the network module:
Double-click the device to open the device configuration. In the device navigation
tree, select Network > Slot.
Double-click slot 2 to display the slot configuration dialog box. For Card Type, select
5000-8G SPM.
Click OK to save the slot configuration.
Add three vsys devices:
2.
Vsys1 and Vsys 2 use the default virtual router.
Vsys3 uses the existing untrust-vr virtual router.
Create a subinterface for vsys1
In the NSM navigation tree, select Device Manager > Devices, and then double-click
3.
vsys1.
In the device navigation tree, select Network > Interfaces. Click the Add icon and
4.
select Sub Interface.
In the subinterface general properties, configure the following settings, and then click
5.
OK:
For Interface, select ethernet2/3.1.
For Sub Interface Type, select tag.
For VLAN tag, select 1.
For Zone, select trust-vsys1.
For IP Address and Netmask, enter 10.1.1.1/24.
Create subinterface for vsys2:
6.
In the NSM navigation tree, select Device Manager > Devices, and then double-click
vsys2.
In the device navigation tree, select Network > Interfaces. Click the Add icon and
select Sub Interface.
In the subinterface general properties, configure the following settings, and then click
7.
OK:
For Interface, select ethernet2/3.2.
For Sub Interface Type, select tag.
Chapter 8: Configuring VPNs
255