Merhaba
Netscreen 5GT-105'i dual untrust moda aldım fakat bir türlü load balancing yaptıramadım.
Port yönlendirmelerim de çalışmadı. Yardımcı olursanız sevinirim; config dosyası aşağıdaki gibidir.
[URL=http://img121.imageshack.us/img121/9813/91800307.th.jpg][IMG]http://img121.imageshack.us/img121/9813/91800307.th.jpg[/IMG][/URL]
Uploaded with [URL=http://imageshack.us]ImageShack.us[/URL]
2 Modem var
Adsl 192.168.4.1
Gshdsl 192.168.5.1
Juniper Netscreen 5GT-105 192.168.2.1
ISA Server Dış Bacak 192.168.2.5
ISA Server İç Bacak 192.168.1.1/24
Juniper'ı dual untrust moda aldım ve 2 modemi Juniper'da sonlandırdım.
Amacım 2 ISP ile load balancing çalıştırmak ve publish yönlendirmelerini çalıştırmak.
Netscreen Config
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
set preference static 0
exit
set service "RDP" protocol tcp src-port 3389-3389 dst-port 3389-3389
set service "Remote Administrator" protocol tcp src-port 4899-4899 dst-port 4899-4899
set service "Remote Administrator" + tcp src-port 8085-8085 dst-port 8085-8085
set service "Remote Administrator" + tcp src-port 8086-8086 dst-port 8086-8086
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nBMmELrEPQrCcmuN5FCtULDa5n"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet3" zone "Untrust"
set interface "ethernet2" zone "Untrust"
set interface ethernet1 ip 192.168.2.1/24
set interface ethernet1 nat
set interface ethernet3 ip 88.250.250.240/24
set interface ethernet3 route
set interface ethernet2 ip 88.250.250.220/32
set interface ethernet2 route
unset interface vlan1 ip
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet3 ip manageable
set interface ethernet2 ip manageable
set interface ethernet1 manage mtrace
set interface ethernet3 monitor track-ip threshold 255
unset interface ethernet3 monitor track-ip dynamic
set interface ethernet2 vip untrust 3389 "RDP" 192.168.2.5
set interface ethernet1 dhcp server service
set interface ethernet1 dhcp server auto
set interface ethernet1 dhcp server option dns1 195.175.39.40
set interface ethernet1 dhcp server option dns2 195.175.39.39
set interface ethernet1 dhcp server ip 192.168.2.50 to 192.168.2.254
unset interface ethernet1 dhcp server config next-server-ip
set flow tcp-mss
set flow all-tcp-mss 1304
unset flow tcp-syn-check
set failover enable
set failover auto
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 0.0.0.0
set dns host dns2 0.0.0.0
set dns host dns3 0.0.0.0
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set av profile "scan-mgr"
set ftp scan-mode scan-all
set ftp decompress-layer 2
set http scan-mode scan-all
unset http skipmime mime-list
set http skipmime mime-list "ns-skip-mime-list"
set imap scan-mode scan-all
set imap decompress-layer 2
set pop3 scan-mode scan-all
set pop3 decompress-layer 2
set smtp scan-mode scan-all
set smtp decompress-layer 2
exit
set url protocol websense
exit
set anti-spam profile ns-profile
set sbl default-server enable
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 1
exit
set policy id 2 from "Untrust" to "Trust" "Any" "VIP(ethernet2)" "ANY" permit
set policy id 2
exit
set pppoe name "eth3"
set pppoe name "eth3" username "test1@ttnet" password "6/ujjVFANgRB0zsPLrC7XJ1whOn3RT43qw=="
set pppoe name "eth3" interface ethernet3
set pppoe name "eth3" netmask 255.255.255.0
set pppoe name "eth2"
set pppoe name "eth2" username "test2@ttnet" password "xslW7RcPN4Gmlgs/FICOOPSblvnVsTxyKg=="
set pppoe name "eth2" interface ethernet2
set nsmgmt bulkcli reboot-timeout 60
set nsmgmt bulkcli reboot-wait 0
set ssh version v2
set config lock timeout 5
set license-key auto-update
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set source-routing enable
set max-ecmp-routes 2
unset add-default-route
set route 0.0.0.0/0 interface ethernet3 gateway 1.1.1.1 preference 1 metric 50
set route source 192.168.2.1/24 interface ethernet3
set route source 192.168.2.1/24 interface ethernet2
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
selam;
Load balance çalışıyor gibi. NAT yapacağın cihaz için source-based routing yaz ve o WAN bacağında NAT'ı tanımla.