Accessing NS-25 from V1-Untrust / Transparent Mode? HOW?

  • Hi,

    I’ve set our NS-25 in transparent mode (confirmed via ‘get sys’) and everything works fine. I can access the management web interface while I’m connecting from behind the trust (V1-Trust) interface …

    However, I am NOT able to reach the management IP (of the vlan1 interface) from behind the V1-Untrust (i.e. over the internet) interface.

    Now, I’ve bought the “Configuring Netscreen Firewalls” book by Rob Cameron and this is what he says in the Transparent Mode section …

    By default, the VLAN1 interface is only accessibly (sic) from the V1-Trust zone. In order to manage the device from a zone other than the V1-Trust, management must be enabled on the layer 2 interface of that zone. This can only be accomplished from the command line. CLI:

    set int ip V1-Untrust manage

    First of all that line the way it is (“set int ip V1-Untrust manage”) doesn’t make much sense and also returns this error.

    ns25-> set int ip V1-Untrust manage
    ^-----unknown keyword ip

    I am assuming the command he has given there is totally wrong and he meant something else, because I’ve tried to think of all the possible combinations of what he may have meant and nothing works. I STILL cannot access the vlan1 management IP from V1-Untrust … only from V1-Trust.


  • Never mind… I got it.

    Just had to set up a default route, i.e.

    set route 0.0.0.0/0 int vlan1 gateway <mygatewayip>