Simple configuration conversion from IOS to Junos



  • Hello,
    I have a Cisco 2800 router config and i need to convert it to junos
    Thanks to check what i have done and inform me if it is correct
    If you can also configure auto-failover for LAN traffic (By default use M1. But if M1 is down, use PacNet for outgoing) and VPN (external clients from outside network can use VPN to join the LAN and access LAN resources and internet connection)
    Cisco Config

    policy-map NGNBN

    class class-default

    set cos 1

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !!

    interface GigabitEthernet0/0

    mac-address acf2.c52d.382e

    no ip address

    duplex auto

    speed auto

    !

    interface GigabitEthernet0/0.20

    description PacNet

    encapsulation dot1Q 20

    ip address 123.45.54.198 255.255.255.252

    ip nat outside

    ip virtual-reassembly in

    !

    interface GigabitEthernet0/0.30

    description LAN

    encapsulation dot1Q 30

    ip address 192.168.0.1 255.255.255.0

    ip nat inside

    ip virtual-reassembly in

    ip policy route-map PBR_LAN

    !

    interface GigabitEthernet0/0.40

    description ServerFarm

    encapsulation dot1Q 40 ip address 123.45.149.1 255.255.255.224

    ip policy route-map PBR_ServerFarm

    !

    interface GigabitEthernet0/0.1103

    description M1

    encapsulation dot1Q 1103

    ip address dhcp

    ip nat outside

    ip virtual-reassembly in

    no cdp enable

    service-policy output NGNBN

    !

    ip forward-protocol nd

    no ip http server

    no ip http secure-server

    !

    ip nat pool LAN-to-PacNet 123.45.149.0 123.45.149.0 netmask 255.255.255.224

    ip nat inside source route-map NAT_M1 interface GigabitEthernet0/0.1103 overload

    ip nat inside source route-map NAT_PacNet pool LAN-to-PacNet overload

    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.1103

    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.20 10

    !

    ip access-list extended LAN

    permit ip 192.168.0.0 0.0.0.255 any

    deny  ip any any

    ip access-list extended PacNetServices

    deny  ip any 123.45.149.0 0.0.0.31

    deny  ip any any

    ip access-list extended ServerFarm-to-WAN

    deny  ip 123.45.149.0 0.0.0.31 192.168.0.0 0.0.0.255

    permit ip any any

    !

    logging esm config

    !

    !

    !

    !

    route-map PBR_ServerFarm permit 10

    match ip address ServerFarm-to-WAN set ip next-hop 123.45.54.197

    set interface GigabitEthernet0/0.20

    !

    route-map NAT_PacNet permit 10

    match ip address LAN

    match interface GigabitEthernet0/0.20

    !

    route-map PBR_LAN permit 10

    match ip address PacNetServices

    set interface GigabitEthernet0/0.20 GigabitEthernet0/0.1103

    !

    route-map NAT_M1 permit 10

    match ip address LAN

    match interface GigabitEthernet0/0.1103

    !

    Juniper

    interfaces {
        /* Created from IOS Interface: gigabitethernet0/0 /
        ge-0/0/0 {
            hold-time up 0 down 2000;
            mac acf2.c52d.382e;
            vlan-tagging;
            unit 0 {
                proxy-arp;
            }
            unit 20 {
                description “PacNet”;
                proxy-arp;
                vlan-id 20;
                family inet {
                    address 123.45.54.198/30;
                }
            }
            unit 30 {
                description “LAN”;
                proxy-arp;
                vlan-id 30;
                family inet {
                    address 192.168.0.1/24;
                    filter {
                        input pbr_lan-filter;
                    }
                }
            }
            unit 40 {
                description “ServerFarm”;
                proxy-arp;
                family inet {
                    filter {
                        input pbr_serverfarm-filter;
                    }
                }
            }
            unit 1103 {
                description “M1”;
                proxy-arp;
                vlan-id 1103;
            }
        }
    }
    routing-options {
        rib-groups {
            pbr_lan-group {
                import-rib [ inet.0 PBR_ServerFarm-10.inet.0 NAT_PacNet-10.inet.0 PBR_LAN-10.inet.0 NAT_M1-10.inet.0 ];
            }
            pbr_serverfarm-group {
                import-rib [ inet.0 PBR_ServerFarm-10.inet.0 NAT_PacNet-10.inet.0 PBR_LAN-10.inet.0 NAT_M1-10.inet.0 ];
            }
        }
        interface-routes {
            rib-group inet pbr_lan-group;
        }
    }
    routing-instances {
        PBR_ServerFarm-10 {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop ge-0/0/0.20;
                }
            }
        }
        NAT_PacNet-10 {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0;
                }
            }
        }
        PBR_LAN-10 {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0;
                }
            }
        }
        NAT_M1-10 {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0;
                }
            }
        }
    }
    policy-options {
        policy-statement al-LAN {
            /
      permit ip 192.168.0.0 0.0.0.255 any /
            term term-1 {
                from route-filter 192.168.0.0/24 orlonger;
                then accept;
            }
            /
      deny  ip any any /
            term term-2 {
                from route-filter 0.0.0.0/0 orlonger;
                then reject;
            }
            term ios-implicit-deny {
                then reject;
            }
        }
        policy-statement rm-NAT_M1 {
            term term-1 {
                from {
                    interface ge-0/0/0.1103;
                    policy al-LAN;
                }
                then accept;
            }
            term ios-implicit-deny {
                then reject;
            }
        }
        policy-statement rm-NAT_PacNet {
            term term-1 {
                from {
                    interface ge-0/0/0.20;
                    policy al-LAN;
                }
                then accept;
            }
            term ios-implicit-deny {
                then reject;
            }
        }
        policy-statement rm-PBR_LAN {
            term ios-implicit-deny {
                then reject;
            }
        }
    }
    firewall {
        family {
            inet {
                filter pbr_lan-filter {
                    /
      deny  ip any 123.45.149.0 0.0.0.31
                        deny  ip any any /
                    term T1 {
                        from {
                            destination-address {
                                123.45.149.0/27;
                            }
                        }
                        then {
                            accept;
                        }
                    }
                    term default {
                        then {
                            accept;
                        }
                    }
                }
                filter pbr_serverfarm-filter {
                    /
      deny  ip 123.45.149.0 0.0.0.31 192.168.0.0 0.0.0.255 /
                    term T1 {
                        from {
                            source-address {
                                123.45.149.0/27;
                            }
                            destination-address {
                                192.168.0.0/24;
                            }
                        }
                        then {
                            accept;
                        }
                    }
                    /
      permit ip any any */
                    term T2 {
                        then {
                            routing-instance PBR_ServerFarm-10;
                        }
                    }
                    term default {
                        then {
                            accept;
                        }
                    }
                }
            }
        }
    }


 

32
Online

38.4k
Users

12.7k
Topics

44.5k
Posts