[VPN] Help

Johan Andersson johan.andersson at atremo.com
Fri Mar 14 02:55:18 EST 2003


You have to configure your NetScreen with some policies that allow traffic
to flow from Untrust to the MIP (server)
and from the DMZ to the Trust network; this should help you! I can
recommend that you set the Trust interface in route mode also. And use
policy-based NAT! If you have any more questions, please drop me a mail!


-----Original Message-----
From: Exo Wa [mailto:exo_wa at yahoo.com]
Sent: den 13 mars 2003 10:18
To: vpn at lists.shmoo.com
Subject: [VPN] Help

I am from a Desktop support environment and have now been
assigned to set up a firewall and VPN using a NetScreen 25.
Technically, I am very new to networking and
especially brand new to the NetScreen 25 product.

I am working for a small company which has 25
employees total and about 20 servers.

Unfortunately, to cut costs, my boss didn't buy Tech
Support.  NetScreen one year email support is very
very slow in response. I am frustrated... so I came
across your site via Google.

Basically, the NS-25 has three Ethernet ports. I am using

Eth3 (configured as Untrust, Route) to go out to the
Internet via our existing Cisco Router.

Eth2 (DMZ, Route) will be used to host all the 20
servers with the public IPs that we have. Since Eth2
cannot be assigned IPs of the same subnet as Eth3,
it's been suggested that we use private IPs and MIP to
the public ones.

Eth1 (Trust, NAT) will be used for our private network.

So far, I can ping to the Internet from both networks
(behind Eth1 and Eth2) but I cannot ping Eth1 from Eth2
or vice versa.

1) How can I configure Eth1 (Trust) and Eth2 (DMZ) so
that the two can see each other?

2) My WebServer is bound to a private IP
and MIPped to one of our public IPs but I could NOT hit
the server from the outside. What did I do wrong? Or,
what else should I configure?

Any help on this would be greatly appreciated.

Thanks for your help in advance.
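
The policies described in the reply at the top of this message, sketched as an added example that is not from either poster: ScreenOS-style CLI assuming the interface layout given in the question, with 192.0.2.10 as a placeholder public address and 10.1.2.10 and 10.1.1.0/24 as placeholder DMZ and Trust addresses. Lines starting with # are annotations, not commands; check the syntax against the ScreenOS version on the device.

```screenos
# Constructed placeholders: 192.0.2.10 = public MIP address,
# 10.1.2.10 = web server in the DMZ, 10.1.1.0/24 = Trust LAN.
# Interface layout as in the question: ethernet1 Trust, ethernet2 DMZ, ethernet3 Untrust.

# Trust interface in route mode, as the reply recommends.
set interface ethernet1 route

# With Trust in route mode, source NAT for outbound traffic moves into the policy.
# "nat src" is the ScreenOS 5.x keyword (assumption; older releases differ).
set policy from trust to untrust any any any nat src permit

# MIP defined on the Untrust interface, mapped to the server's private DMZ address.
set interface ethernet3 mip 192.0.2.10 host 10.1.2.10 netmask 255.255.255.255 vrouter trust-vr

# Untrust -> MIP: permit only the published service and log it, not any/any.
set policy from untrust to dmz any "MIP(192.0.2.10)" http permit log

# Address book entries so the inter-zone policies can be scoped.
set address trust "lan" 10.1.1.0 255.255.255.0
set address dmz "web1" 10.1.2.10 255.255.255.255

# Trust -> DMZ: ping for troubleshooting plus the web service.
set policy from trust to dmz "lan" "web1" ping permit
set policy from trust to dmz "lan" "web1" http permit

# DMZ -> Trust: keep to the specific flow that is needed and log it,
# since the DMZ hosts are reachable from the Internet.
set policy from dmz to trust "web1" "lan" ping permit log

save
```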

