Is it possible to use adsl and untrust port at same time on NS 5gt



  • Hi,
    I got a doubt regarding NS 5gt ADSL.
    By default it has got ADSL interface in untrust zone and an untrust port in Null zone. Is it possible to configure the untrust port also into the untrust zone and configure it with an IP and use it for routing to some other network, so we will have both the ADSL port and the untrust port working?
    Thanks in advance.
    Haze


  • Global Moderator

    We’ll have to wait for maxpipeline to wake up, I don’t know (:-



  • Thanks screenie.
    To test this scenario I will need to go to customer premises and I have to check about that. The whole reason the doubt regarding the untrust and adsl port working together came up is because around 2 years back, I attended a netscreen training seminar and I remember the instructor telling me that both cannot work together. I don’t remember which screen os version was running, but was there a limitation like this on older screen os?


  • Global Moderator

    Hi,

    Your first question is a definite yes.

    Number two is hard. Untrust as backup for your default route is no problem, will work. ADSL as backup for VPN: not as easy as you put it. When the gateway changes, outgoing interface changes. Your other side won’t notice this and thinks IPsec is coming from the wrong source. So you have to do more!

    Hopefully you’re able to talk to (or administer yourself) the other side. What I advise is this:

    Define two route-based VPNs. One over untrust, one over ADSL. Enable monitoring over those lines. Define two static routes to the tunnel interfaces with backup in metrics. If untrust goes down, tunnel interface goes down because of monitoring and other VPN (to ADSL) kicks in. Be careful with ADSL, are you getting the same IP address all the time? Otherwise configure VPN with dynamic peer.

    Hope things are clear like this.
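
The two-tunnel failover described in the post above, sketched as ScreenOS CLI. This is an added example and not part of the thread: the ADSL interface name `adsl1`, the tunnel numbers, gateway and VPN names, the documentation-range addresses, the remote LAN prefix and the `<PSK-…>` placeholders are all assumptions, and the `#` lines are annotations to leave out when typing the commands.

```screenos
# Constructed example: every name, address and key below is a placeholder.

# One tunnel interface per uplink, both in the untrust zone
set interface tunnel.1 zone untrust
set interface tunnel.1 ip unnumbered interface untrust
set interface tunnel.2 zone untrust
set interface tunnel.2 ip unnumbered interface adsl1

# One IKE gateway per uplink, pinned to its outgoing interface so the
# peer always sees a predictable source for each tunnel
set ike gateway gw-leased address 203.0.113.10 main outgoing-interface untrust preshare <PSK-1> sec-level standard
set ike gateway gw-adsl address 203.0.113.10 main outgoing-interface adsl1 preshare <PSK-2> sec-level standard

# Route-based VPNs bound to the tunnel interfaces
set vpn vpn-leased gateway gw-leased sec-level standard
set vpn vpn-leased bind interface tunnel.1
set vpn vpn-adsl gateway gw-adsl sec-level standard
set vpn vpn-adsl bind interface tunnel.2

# VPN monitoring: a failed tunnel takes its tunnel interface down,
# which withdraws the route that points at it
set vpn vpn-leased monitor rekey
set vpn vpn-adsl monitor rekey

# Same remote prefix over both tunnels; the lower metric is preferred,
# the higher one takes over when tunnel.1 goes down
set route 10.20.0.0/16 interface tunnel.1 metric 1
set route 10.20.0.0/16 interface tunnel.2 metric 10
```

The remote side needs a matching pair of gateways and VPNs, and if the ADSL address is not fixed, its ADSL-facing gateway has to be defined as a dynamic peer, as the post says.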



  • Thanks for your reply guys. I had tried moving the untrust interface to untrust zone in a test box and both (adsl and untrust) were able to reside in untrust zone. Unfortunately it was not a live environment, so I couldn’t check if it actually worked and if there are any caveats.
    1) Does that mean that I can have a pppoa/pppoe instance bound to adsl and a static IP on my untrust interface and have my internet traffic go through adsl and wan traffic go through the untrust? I got a 1800 router with leased line which I want to connect to my untrust interface. I wanted to route wan traffic (VPN) through the leased line.
    2) Also can I define the untrust interface as gateway for internet with higher metric so that it can become a backup interface for adsl and also vice versa for VPN (i.e. ADSL as backup for vpn traffic)?
    More thanks.



  • Yes, this is possible. Just note that with ADSL, with PPPoE your default gateway will always be the gateway assigned via ADSL.


  • Global Moderator

    Not sure. Just try with “set int untrust zone untrust”, or select untrust zone in gui for port untrust.


 
