
Netscreen 5Gt-105 Dual Untrust

(@MusaAkmaden)
Gönderiler: 4
Active Member
Konu başlatıcı
 

Merhaba


Netscreen 5GT-105'i dual untrust moduna aldım fakat bir türlü load balancing yaptıramadım.


Port yönlendirmelerim de çalışmadı. Yardımcı olursanız sevinirim; config dosyası aşağıdaki gibidir.


[IMG]http://img121.imageshack.us/img121/9813/91800307.th.jpg[/IMG]


Uploaded with [URL=http://imageshack.us]ImageShack.us[/URL]


2 Modem var


 


Adsl                                                     192.168.4.1


Gshdsl                                                 192.168.5.1


 


Juniper Netscreen 5GT-105                192.168.2.1


 


ISA Server Dış Bacak                           192.168.2.5


ISA Server İç Bacak                              192.168.1.1/24


 


Juniper'ı dual untrust moduna aldım, 2 modemi Juniper'da sonlandırdım.


 


Amacım 2 ISP ile load balancing çalıştırıp publish yönlendirmelerini çalıştırmak.


 


Netscreen Config


 


set clock timezone 0


set vrouter trust-vr sharable


set vrouter "untrust-vr"


exit


set vrouter "trust-vr"


unset auto-route-export


set preference static 0


exit


set service "RDP" protocol tcp src-port 3389-3389 dst-port 3389-3389


set service "Remote Administrator" protocol tcp src-port 4899-4899 dst-port 4899-4899


set service "Remote Administrator" + tcp src-port 8085-8085 dst-port 8085-8085


set service "Remote Administrator" + tcp src-port 8086-8086 dst-port 8086-8086


set auth-server "Local" id 0


set auth-server "Local" server-name "Local"


set auth default auth server "Local"


set auth radius accounting port 1646


set admin name "netscreen"


set admin password "nBMmELrEPQrCcmuN5FCtULDa5n"


set admin auth timeout 10


set admin auth server "Local"


set admin format dos


set zone "Trust" vrouter "trust-vr"


set zone "Untrust" vrouter "trust-vr"


set zone "VLAN" vrouter "trust-vr"


set zone "Untrust-Tun" vrouter "trust-vr"


set zone "Trust" tcp-rst


set zone "Untrust" block


unset zone "Untrust" tcp-rst


set zone "MGT" block


set zone "VLAN" block


unset zone "VLAN" tcp-rst


set zone "Untrust" screen tear-drop


set zone "Untrust" screen syn-flood


set zone "Untrust" screen ping-death


set zone "Untrust" screen ip-filter-src


set zone "Untrust" screen land


set zone "V1-Untrust" screen tear-drop


set zone "V1-Untrust" screen syn-flood


set zone "V1-Untrust" screen ping-death


set zone "V1-Untrust" screen ip-filter-src


set zone "V1-Untrust" screen land


set interface "ethernet1" zone "Trust"


set interface "ethernet3" zone "Untrust"


set interface "ethernet2" zone "Untrust"


set interface ethernet1 ip 192.168.2.1/24


set interface ethernet1 nat


set interface ethernet3 ip 88.250.250.240/24


set interface ethernet3 route


set interface ethernet2 ip 88.250.250.220/32


set interface ethernet2 route


unset interface vlan1 ip


unset interface vlan1 bypass-others-ipsec


unset interface vlan1 bypass-non-ip


set interface ethernet1 ip manageable


set interface ethernet3 ip manageable


set interface ethernet2 ip manageable


set interface ethernet1 manage mtrace


set interface ethernet3 monitor track-ip threshold 255


unset interface ethernet3 monitor track-ip dynamic


set interface ethernet2 vip untrust 3389 "RDP" 192.168.2.5


set interface ethernet1 dhcp server service


set interface ethernet1 dhcp server auto


set interface ethernet1 dhcp server option dns1 195.175.39.40


set interface ethernet1 dhcp server option dns2 195.175.39.39


set interface ethernet1 dhcp server ip 192.168.2.50 to 192.168.2.254


unset interface ethernet1 dhcp server config next-server-ip


set flow tcp-mss


set flow all-tcp-mss 1304


unset flow tcp-syn-check


set failover enable


set failover auto


set pki authority default scep mode "auto"


set pki x509 default cert-path partial


set dns host dns1 0.0.0.0


set dns host dns2 0.0.0.0


set dns host dns3 0.0.0.0


set ike respond-bad-spi 1


unset ike ikeid-enumeration


unset ike dos-protection


unset ipsec access-session enable


set ipsec access-session maximum 5000


set ipsec access-session upper-threshold 0


set ipsec access-session lower-threshold 0


set ipsec access-session dead-p2-sa-timeout 0


unset ipsec access-session log-error


unset ipsec access-session info-exch-connected


unset ipsec access-session use-error-log


set av profile "scan-mgr"


set ftp scan-mode  scan-all 


set ftp decompress-layer  2 


set http scan-mode  scan-all 


unset http skipmime mime-list   


set http skipmime mime-list  "ns-skip-mime-list"  


set imap scan-mode  scan-all 


set imap decompress-layer  2 


set pop3 scan-mode  scan-all 


set pop3 decompress-layer  2 


set smtp scan-mode  scan-all 


set smtp decompress-layer  2 


exit


set url protocol websense


exit


set anti-spam profile ns-profile


set sbl default-server enable


exit


set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit


set policy id 1


exit


set policy id 2 from "Untrust" to "Trust"  "Any" "VIP(ethernet2)" "ANY" permit


set policy id 2


exit


set pppoe name "eth3"


set pppoe name "eth3" username "test1@ttnet" password "6/ujjVFANgRB0zsPLrC7XJ1whOn3RT43qw=="


set pppoe name "eth3" interface ethernet3


set pppoe name "eth3" netmask 255.255.255.0


set pppoe name "eth2"


set pppoe name "eth2" username "test2@ttnet" password "xslW7RcPN4Gmlgs/FICOOPSblvnVsTxyKg=="


set pppoe name "eth2" interface ethernet2


set nsmgmt bulkcli reboot-timeout 60


set nsmgmt bulkcli reboot-wait 0


set ssh version v2


set config lock timeout 5


set license-key auto-update


set snmp port listen 161


set snmp port trap 162


set vrouter "untrust-vr"


exit


set vrouter "trust-vr"


set source-routing enable


set max-ecmp-routes 2


unset add-default-route


set route 0.0.0.0/0 interface ethernet3 gateway 1.1.1.1 preference 1 metric 50


set route source 192.168.2.1/24 interface ethernet3


set route source 192.168.2.1/24 interface ethernet2


exit


set vrouter "untrust-vr"


exit


set vrouter "trust-vr"


exit

 
Gönderildi : 08/12/2010 17:23

(@muratguclu)
Gönderiler: 1164
Noble Member
 

selam;

Load balance çalışıyor gibi. NAT yapacağın cihaz için source-based routing yaz ve o WAN bacağında NAT'ı tanımla.

 
Gönderildi : 09/12/2010 11:42
