How to Enable manage IP address on SSG550M backup firewall running NSRP



  • Dear all,

    I have already setup two netscreen SSG550m firewalls runn NSRP, the confiugration is follow. After I configurated NSRP, I cannot telnet or via web to manage backup netscreen. Except, I fail over to backup. How can I to telnet master & backup concurrently ? Now, I loss the backup netscreen management.

    Thank you all for your help!

    Best Regards,
    Pet

    SSG550M(M)
    set interface id 96 “redundant1” zone "DMZ"
    set interface “ethernet0/0” zone "Untrust"
    set interface “tunnel.1” zone "Untrust"
    set interface ethernet0/1 group redundant1
    set interface ethernet0/2 group redundant1
    set interface “redundant1.1” tag 10 zone "DMZ"
    set interface “redundant1.2” tag 20 zone "Trust"
    set interface “redundant1.3” tag 30 zone "Trust"
    unset interface vlan1 ip
    set interface ethernet0/0:1 ip 203.90.6.249/24
    set interface ethernet0/0:1 route
    set interface redundant1.1 ip 10.2.108.2/24
    set interface redundant1.1 nat
    set interface redundant1.1:1 ip 10.2.108.1/24
    set interface redundant1.1:1 nat
    set interface redundant1.2 ip 10.2.101.2/24
    set interface redundant1.2 nat
    set interface redundant1.2:1 ip 10.2.101.1/24
    set interface redundant1.2:1 nat
    set interface redundant1.3 ip 10.2.102.2/24
    set interface redundant1.3 nat
    set interface redundant1.3:1 ip 10.2.102.1/24
    set interface redundant1.3:1 nat
    set interface tunnel.1 ip unnumbered interface redundant1.1
    set interface ethernet0/0:1 mtu 1500
    set interface tunnel.1 mtu 1500
    unset interface vlan1 bypass-others-ipsec
    unset interface vlan1 bypass-non-ip
    set interface ethernet0/0:1 ip manageable
    unset interface redundant1 ip manageable
    unset interface redundant1.1 ip manageable
    unset interface redundant1.1:1 ip manageable
    set interface redundant1.2 ip manageable
    set interface redundant1.2:1 ip manageable
    set interface redundant1.3 ip manageable
    set interface redundant1.3:1 ip manageable
    set interface ethernet0/0 manage ping
    set interface ethernet0/0:1 manage ping
    set interface ethernet0/0:1 manage web
    set nsrp cluster id 1
    set nsrp rto-mirror sync
    unset nsrp vsd-group id 0
    set nsrp vsd-group id 1 priority 1
    set nsrp vsd-group id 1 preempt
    set nsrp vsd-group id 1 monitor interface redundant1
    set nsrp vsd-group id 1 monitor interface ethernet0/0
    set nsrp vsd-group id 1 monitor zone Trust
    set nsrp vsd-group id 1 monitor zone DMZ

    SSG550M(B)
    set interface id 96 “redundant1” zone "DMZ"
    set interface “ethernet0/0” zone "Untrust"
    set interface “tunnel.1” zone "Untrust"
    set interface ethernet0/1 group redundant1
    set interface ethernet0/2 group redundant1
    set interface “redundant1.1” tag 10 zone "DMZ"
    set interface “redundant1.2” tag 20 zone "Trust"
    set interface “redundant1.3” tag 30 zone "Trust"
    unset interface vlan1 ip
    set interface ethernet0/0:1 ip 203.90.6.249/24
    set interface ethernet0/0:1 route
    set interface redundant1.1 ip 10.2.108.3/24
    set interface redundant1.1 nat
    set interface redundant1.1:1 ip 10.2.108.1/24
    set interface redundant1.1:1 nat
    set interface redundant1.2 ip 10.2.101.3/24
    set interface redundant1.2 nat
    set interface redundant1.2:1 ip 10.2.101.1/24
    set interface redundant1.2:1 nat
    set interface redundant1.3 ip 10.2.102.3/24
    set interface redundant1.3 nat
    set interface redundant1.3:1 ip 10.2.102.1/24
    set interface redundant1.3:1 nat
    set interface ethernet0/0:1 mtu 1500
    set interface tunnel.1 mtu 1500
    unset interface vlan1 bypass-others-ipsec
    unset interface vlan1 bypass-non-ip
    unset interface ethernet0/0 ip manageable
    set interface ethernet0/0:1 ip manageable
    unset interface redundant1 ip manageable
    set interface redundant1.1 ip manageable
    unset interface redundant1.1:1 ip manageable
    set interface redundant1.2 ip manageable
    set interface redundant1.2:1 ip manageable
    set interface redundant1.3 ip manageable
    set interface redundant1.3:1 ip manageable
    set interface ethernet0/0 manage ping
    set interface ethernet0/0:1 manage ping
    set interface ethernet0/0:1 manage web

    set nsrp cluster id 1
    set nsrp rto-mirror sync
    unset nsrp vsd-group id 0
    set nsrp vsd-group id 1 priority 100
    set nsrp monitor interface ethernet0/1
    set nsrp vsd-group id 1 monitor interface redundant1
    set nsrp vsd-group id 1 monitor interface ethernet0/1
    set nsrp vsd-group id 1 monitor interface ethernet0/2
    set nsrp vsd-group id 1 monitor zone Trust
    set nsrp vsd-group id 1 monitor zone DMZ


 

43
Online

38.5k
Users

12.7k
Topics

44.5k
Posts