No access to CLI
chy123 last edited by
I don’t have access to the CLI and was just wondering whether I would be able to do all these actions via the webgui ?
The example isn’t very clear ? A picture showing the setup would’ve been good !
Just wondering ? Can someone please confirm…
126.96.36.199 = fixed ip of client outside firewall ?
188.8.131.52 is the MIP. public ip ?
is 184.108.40.206 the ip of the firewall ? or the internal ip ?
set interface tunnel.1 zone Untrust-Tun
--------- Untrust-Tun is the Tunnel type zone, carrier zone that helps encryption-decryption
set interface tunnel.1 ip 220.127.116.11/24
--------- Fixed IP on the tunnel interface
Not sure whether the 2 set interfaces commands are 1 or 2 steps ? First step looks like
Network --> Interfaces --> New (Tunnel IF)
Should it be Fixed IP or Unnumbered ?
And would I be able to set 1 ip address with subnet 32 instead of 24 ?
set interface tunnel.1 mip 18.104.22.168 host 22.214.171.124 netmask 255.255.255.255
---------- MIP will be used by the cisco-remote network to connect to server behind the Juniper firewall’s local network
set route 126.96.36.199 interface tunnel.1
---------- A route needs to be added to send the traffic to the tunnel interface
Question, how can you redirect only certain Dial-Up VPN to a certain IP ?
set ike gateway Netscreen-Cisco-IKE address 188.8.131.52 main outgoing-interface ethernet4 preshare test sec-level standard
--------- Phase 1 configuration
set vpn Netscreen-Cisco-VPN gateway Netscreen-Cisco-IKE sec-level standard
--------- Phase 2 configuration
set vpn Netscreen-Cisco-VPN bind zone Untrust-Tun
--------- Bind Tunnel Zone (Juniper firewall will recognize the MIP configured on the tunnel interface)
set policy from untrust to trust 184.108.40.206/32 MIP (220.127.116.11) any tunnel vpn Netscreen-Cisco-VPN log
set policy from trust to untrust 18.104.22.168/32 22.214.171.124/32 any tunnel vpn Netscreen-Cisco-VPN log