5XP not working: what is wrong with the config? Working fine internally



  • I have a Netscreen 5GT working fine with one static IP address. I tried the same config on a 5XP; why is it not working?

    Please note that I can see Link Up on the untrust side of the 5XP only when I use a crossover cable. But with the 5GT, a straight cable works fine on the untrust side.

    I have attached the configuration. Please help.

    –---------------------------------------
    set clock timezone -5
    set vrouter trust-vr sharable
    unset vrouter “trust-vr” auto-route-export
    set auth-server “Local” id 0
    set auth-server “Local” server-name "Local"
    set auth default auth server "Local"
    set admin name "Netscreen"
    set admin password "nasasasasyfgfgffgf"
    set admin port 8080
    set admin auth timeout 10
    set admin auth server "Local"
    set admin format dos
    set zone “Trust” vrouter "trust-vr"
    set zone “Untrust” vrouter "trust-vr"
    set zone “VLAN” vrouter "trust-vr"
    set zone “Trust” tcp-rst
    unset zone “Untrust” block
    unset zone “Untrust” tcp-rst
    set zone “MGT” block
    set zone “VLAN” block
    set zone “VLAN” tcp-rst
    set zone “Untrust” screen tear-drop
    set zone “Untrust” screen syn-flood
    set zone “Untrust” screen ping-death
    set zone “Untrust” screen ip-filter-src
    set zone “Untrust” screen land
    set zone “V1-Untrust” screen tear-drop
    set zone “V1-Untrust” screen syn-flood
    set zone “V1-Untrust” screen ping-death
    set zone “V1-Untrust” screen ip-filter-src
    set zone “V1-Untrust” screen land
    set interface “trust” zone "Trust"
    set interface “untrust” zone "Untrust"
    unset interface vlan1 ip
    set interface trust ip 192.168.1.1/24
    set interface trust nat
    set interface untrust ip 206.135.192.119/29
    set interface untrust route
    unset interface vlan1 bypass-others-ipsec
    unset interface vlan1 bypass-non-ip
    set interface trust ip manageable
    unset interface untrust ip manageable
    set flow tcp-mss
    set domain WANN.COM
    set hostname WANN_FW2
    set dns host dns1 206.135.192.11
    set dns host dns2 206.135.192.141
    set dns host schedule 06:28 interval 4
    set ike respond-bad-spi 1
    set pki authority default scep mode "auto"
    set pki x509 default cert-path partial
    set policy id 1 from “Trust” to “Untrust”  “Any” “Any” “ANY” permit log
    set policy id 2 from “Untrust” to “Trust”  “Any” “Any” “ANY” permit log
    set policy id 2 disable
    set ssh version v2
    set ssh enable
    set config lock timeout 5
    set ntp server "0.0.0.0"
    set ntp server backup1 "0.0.0.0"
    set ntp server backup2 "0.0.0.0"
    set snmp port listen 161
    set snmp port trap 162
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    unset add-default-route
    set route  0.0.0.0/0 interface untrust gateway 206.135.192.117
    exit



  • What is not working? Could you be more specific? If you are trying to get hosts on the 192.168 subnet out to the Internet, I don’t really see an issue in the config. From the 5XP itself, can you ping an Internet address such as 4.2.2.1?

    Also, one possibility is that your upstream router may have a different MAC address cached for your public IP (for example the 5GT's, if the 5XP has taken over the same address). So clear the ARP cache on the upstream router if possible.


 
