Re: Netscreen 5GT cannot receive dynamic IP from ISP

comp.security.firewalls archive

From: Somebody. <somebody.@spamout.russdoucet.com>
Date: Fri Dec 30 2005 - 17:45:35 CET

Does your ISP require registration of the MAC of your router?

You might also need to hard-code the interface speed due to a problem with
auto-negotiation. Do that via the command line.

-Russ.

"cemturgay" <cemturgay@hotmail.com> wrote in message
news:1135851333.167609.151760@g44g2000cwa.googlegroups.com...
> Hi, I have just replaced a working but old SOHO router with a new 5GT
> (ScreenOS 5.0)
> and I am having trouble connecting to the internet.
>
> New 5GT was configured using setup wizard, everything is kept default.
> Trust uses NAT. trust port ip is 192.168.1.1/24.
> Trust acts as DHCP server to trust PCs.
> Untrust port receives IP from DHCP and
> acts as DHCP client.
> Trust and untrust ports are in trustvr.
> Policies untouched, by default trust to untrust everything is open.
>
> Old SOHO router was successfully receiving its dynamic IP
> and also DNS server IP from the ISP and
> was able to distribute 192.68.1.x network addresses
> and DNS server address to PCs in trust network.
> It was working fine.
>
> But with 5GT it does not.
> Connections in trust network are OK.
> PCs are getting their IPs from the 5GT OK
> (except the DNS server address)
> Then DNS resolution fails.
> If I set the DNS server address manually
> they are able to resolve web names but
> still can't receive web pages.
>
> 5GT reports:
> DHCP client is unable to get IP address for interface untrust
>
> Has anybody an idea what I am missing?
>
>
> This is the "get config"
> set clock timezone 0
> set vrouter trust-vr sharable
> set vrouter "trust-vr" auto-route-export
> set auth-server "Local" id 0
> set auth-server "Local" server-name "Local"
> set auth default auth server "Local"
> set zone "Trust" vrouter "trust-vr"
> set zone "Untrust" vrouter "trust-vr"
> set zone "VLAN" vrouter "trust-vr"
> set zone "Trust" tcp-rst
> set zone "Untrust" block
> unset zone "Untrust" tcp-rst
> set zone "MGT" block
> set zone "VLAN" block
> set zone "VLAN" tcp-rst
> set zone "Untrust" screen tear-drop
> set zone "Untrust" screen syn-flood
> set zone "Untrust" screen ping-death
> set zone "Untrust" screen ip-filter-src
> set zone "Untrust" screen land
> set zone "V1-Untrust" screen tear-drop
> set zone "V1-Untrust" screen syn-flood
> set zone "V1-Untrust" screen ping-death
> set zone "V1-Untrust" screen ip-filter-src
> set zone "V1-Untrust" screen land
> set interface "trust" zone "Trust"
> set interface "untrust" zone "Untrust"
> unset interface vlan1 ip
> set interface trust ip 192.168.1.1/24
> set interface trust nat
> unset interface vlan1 bypass-others-ipsec
> unset interface vlan1 bypass-non-ip
> set interface trust ip manageable
> set interface trust dhcp server service
> set interface trust dhcp server auto
> set interface trust dhcp server option lease 7200
> set interface trust dhcp server option gateway 192.168.1.1
> set interface trust dhcp server option netmask 255.255.255.0
> set interface trust dhcp server ip 192.168.1.50 to 192.168.1.100
> set interface untrust dhcp-client enable
> set flow tcp-mss
> set hostname ns5gt
> set ike respond-bad-spi 1
> set pki authority default scep mode "auto"
> set pki x509 default cert-path partial
> set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
> set global-pro policy-manager primary outgoing-interface untrust
> set global-pro policy-manager secondary outgoing-interface untrust
> set ssh version v2
> set config lock timeout 5
> set vrouter "untrust-vr"
> exit
> set vrouter "trust-vr"
> set preference ebgp 250
> set preference ibgp 40
> unset add-default-route
> exit
>
Received on Tue Jan 3 03:40:12 2006