No access to CLI
chy123 last edited by
I don’t have access to the CLI and was just wondering whether I would be able to do all these actions via the webgui ?
The example isn’t very clear ? A picture showing the setup would’ve been good !
Just wondering ? Can someone please confirm…
22.214.171.124 = fixed ip of client outside firewall ?
126.96.36.199 is the MIP. public ip ?
is 188.8.131.52 the ip of the firewall ? or the internal ip ?
set interface tunnel.1 zone Untrust-Tun
--------- Untrust-Tun is the Tunnel type zone, carrier zone that helps encryption-decryption
set interface tunnel.1 ip 184.108.40.206/24
--------- Fixed IP on the tunnel interface
Not sure whether the 2 set interfaces commands are 1 or 2 steps ? First step looks like
Network --> Interfaces --> New (Tunnel IF)
Should it be Fixed IP or Unnumbered ?
And would I be able to set 1 ip address with subnet 32 instead of 24 ?
set interface tunnel.1 mip 220.127.116.11 host 18.104.22.168 netmask 255.255.255.255
---------- MIP will be used by the cisco-remote network to connect to server behind the Juniper firewall’s local network
set route 22.214.171.124 interface tunnel.1
---------- A route needs to be added to send the traffic to the tunnel interface
Question, how can you redirect only certain Dial-Up VPN to a certain IP ?
set ike gateway Netscreen-Cisco-IKE address 126.96.36.199 main outgoing-interface ethernet4 preshare test sec-level standard
--------- Phase 1 configuration
set vpn Netscreen-Cisco-VPN gateway Netscreen-Cisco-IKE sec-level standard
--------- Phase 2 configuration
set vpn Netscreen-Cisco-VPN bind zone Untrust-Tun
--------- Bind Tunnel Zone (Juniper firewall will recognize the MIP configured on the tunnel interface)
set policy from untrust to trust 188.8.131.52/32 MIP (184.108.40.206) any tunnel vpn Netscreen-Cisco-VPN log
set policy from trust to untrust 220.127.116.11/32 18.104.22.168/32 any tunnel vpn Netscreen-Cisco-VPN log