Re: To Alan Strassberg - Routing On Netscreen 5XP


comp.security.firewalls archive


From: Alan Strassberg <paleale@bolt.sonic.net>
Date: Sun Aug 07 2005 - 20:00:02 CEST

In article <dcq7j4$lev$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
Ben <bjblackmore@xyz.hotmail.com> wrote:
>Hi Alan,
>
>Dunno if you remember, but last week I posted a topic on routing through a
>Netscreen 5XP, to which you replied.
>I tried your solution, and could ping through the 5XP, managed to ping the
>gateway (192.168.0.1) and open the gateway http management page. However I
>couldn't get traffic to go any further than this. But if you plug into the
>network on the other side, not going through the netscreen, then I could go
>out through the gateway!
>
>Any ideas why I can't reach the internet when behind the netscreen?

        Email to you bounced. Email your config to me. I said...

        Is the 192.168.254.1 a typo? You said the gateway was
        192.168.0.1

        I said ...

        set interface trust ip 192.168.0.2/24
        set interface untrust ip 10.0.0.1/24
        set route 0.0.0.0/0 interface trust gateway 192.168.0.1
        set policy id 7 from "Untrust" to "Trust" "10.0.0.10" "192.168.0.1/32" "ANY" nat src permit log

        No, the policy ID doesn't matter.

        If 192.168.0.1 is the gateway the route needs to go there.

                                        alan alanstrassberg @ yahoo.com
Received on Thu Sep 29 20:00:55 2005