Configuring ScreenOS Devices Guide
You set the Trust zone interface in NAT mode. It uses the Untrust zone interface IP address
as its source address in all outbound traffic except for traffic sent to the central office.
You configure a policy to the central office that translates the source address to an
address in the DIP pool in the extended interface. (The DIP pool ID number is 5. It contains
one IP address, which, with port address translation, can handle sessions for ~64,500
hosts.) The MIP address that the central office uses for inbound traffic is 200.1.1.1, which
you enter as "HQ" in the Untrust zone address book on each security device.
Each ISP must set up a route for traffic destined to a site at the end of a leased line to
use that leased line. The ISPs route any other traffic they receive from a local security
device to the Internet.
1. Add the devices:
   - For Office A, add a NetScreen-208 security device.
   - For Office B, add a NetScreen-204 security device.
2. Configure ethernet1 (Trust Zone) for Office A:
   - Double-click the Office A device to open the device configuration. In the device navigation tree, select Network > Interface.
   - Double-click ethernet1. The General Properties screen appears.
   - Configure IP address/netmask as 10.1.1.1/24 and Interface Mode as NAT.
3. Click OK to save your changes.
4. Configure ethernet3 (Untrust Zone) for Office A:
   - In the device navigation tree, select Network > Interface.
   - Double-click ethernet3. The General Properties screen appears.
   - Configure IP address/netmask as 195.1.1.1/24 and Interface Mode as Route.
5. In the interface navigation tree, select NAT > DIP. Click the Add icon to display the New Dynamic IP dialog box. Configure the DIP, and then click OK:
6. Enter the DIP ID.
7. Add multiple DIP ranges for a particular DIP ID as follows:
   - Select the Multiple DIP Range check box.
   - Click the Add icon. The New MultiRange of DIP dialog box appears.
   - For Range ID, enter 1.
   - For Lower IP, enter 210.10.1.1.
   - For Upper IP, enter 210.10.1.1.
8. For Start, enter 210.10.1.1.
9. For End, enter 210.10.1.1.
10. For Shift From, enter 10.10.1.2.
Copyright © 2010, Juniper Networks, Inc.