  1. Junior Member
    Join Date
    Dec 2009
    Posts
    1
    #26

    Not the same thing :)

    Thanks rfult001, but qemu manager is not what I am looking for. I guess that Vladimir's software helps you to create and link virtual machines emulating routers (something like gns3), and solves the multicast problem. I have solved this problem manually, creating and linking routers "by hand", but I think it would be much better if I had a tool that simplifies this task so I can focus on creating my labs.

  3. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,204

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #27
    Quote Originally Posted by Forsaken_GA View Post
    Alright, please understand that I'm not trying to pick on you, but you have a few misconceptions. As tiersten has pointed out, GNS3 is just another VM monitor under the hood. Getting this up and running in VMWare is not much more difficult. This just happens to be a very well written guide.

    And most normal IT guys won't be touching, much less configuring, a core router. If you're not an ubergeek, you're not touching my network. This mindset of everything needing to be quick and easy in regards to learning network engineering as a trade disturbs me.

    I know everybody has their views on how they see and view things, but you must understand that I'm viewing this from a completely different standpoint. I hate going too far in different directions when there is already a path that I want to get. You can either rent real routers or buy them. I don't want to spend a day or 2 trying to get an olive to work, I really don't want to be bothered with it. As far as the Juniper in a VM I have never toyed with it, but it may be a simple setup. I know I got GNS3 set up in 10 min. It took me over a day to get Dynamips set up. Now that they will continue to work on JUNOS for GNS3 I will take a stab at it as soon as my CCNP is finished. Bottom line I know this is what will work for me. Others may have different needs. My main point about my main statement stands. This will help out Juniper I think more than the previous ways to emulate their products in the past.

  4. was here.
    Join Date
    Apr 2008
    Posts
    4,504
    #28
    Quote Originally Posted by shodown View Post
    I don't want to spend a day or 2 trying to get an olive to work, I really don't want to be bothered with it. As far as the Juniper in a VM I have never toyed with it, but it may be a simple setup. I know I got GNS3 set up in 10 min. It took me over a day to get Dynamips set up.
    Whilst using Dynamips directly isn't very user-friendly because of the configuration files necessary, the steps you did to get JunOS running inside QEMU/GNS3 are exactly the same as if you were trying to get it running in any other VM system. That is my point. You've already done the necessary steps so you've not actually made it any easier.

    Quote Originally Posted by shodown View Post
    Now that they will continue to work on JUNOS for GNS3 I will take a stab at it as soon as my CCNP is finished.
    They could provide a FreeBSD VM disk image but you'd still be required to install the JunOS portions yourself via the CLI. The PIX/ASA images are ready to run because they contain the Finesse/Linux OS inside the image so you don't actually need anything else.

  5. Cisco Moderator mikej412's Avatar
    Join Date
    May 2005
    Location
    Chicago
    Posts
    10,190

    Certifications
    CCNP CCIP CCSP CCVP CCDP CCDA CCNA CS-CIPSS CS-CIPTDS CS-CIPTOS CS-CIPCSS CS-CFWS CS-CVPNS CS-CISecS ISSP 4013 4011
    #29
    Quote Originally Posted by CCIEWANNABE View Post
    Maybe like an all-in-one mega download with freebsd and all the other apps, since they are all FREE this makes it easy for them to do.
    I doubt the Juniper software is FREE. Same for the Cisco IOS and PIX/ASA Images.

    If someone can't follow step by step instructions and is relying on someone else creating a simple All-In-One software solution for them, they probably don't have much of a future in any advanced IT position.

  6. Senior Member
    Join Date
    Aug 2008
    Posts
    3,951
    #30
    Quote Originally Posted by shodown View Post
    I know everybody has their views on how they see and view things, but you must understand that I'm viewing this from a completely different standpoint. I hate going too far in different directions when there is already a path that I want to get. You can either rent real routers or buy them. I don't want to spend a day or 2 trying to get an olive to work, I really don't want to be bothered with it. As far as the Juniper in a VM I have never toyed with it, but it may be a simple setup. I know I got GNS3 set up in 10 min. It took me over a day to get Dynamips set up. Now that they will continue to work on JUNOS for GNS3 I will take a stab at it as soon as my CCNP is finished. Bottom line I know this is what will work for me. Others may have different needs. My main point about my main statement stands. This will help out Juniper I think more than the previous ways to emulate their products in the past.
    Have you even set this up? You're missing a few points. You say you don't want to spend a day or two getting an olive to work... setting up JUNOS in GNS3 is setting up an olive. You say you've never toyed with Juniper in a VM.... if you've set it up in GNS3, yes, you have. QEMU is, conceptually, the same as VMWare - it emulates a processor and hardware environment so you can run a guest os.

    For your benefit, I sincerely suggest you become familiar with how the software you're using works. Otherwise, you'll just become a zombie that can read and follow instructions, you won't really learn anything. When you get that frantic call at 3am about the network being broken, there's not a book that's going to tell you how to fix it.

  7. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,204

    Certifications
    CCNP, CCNP(V), S+ CCIE V(written)
    #31
    Quote Originally Posted by Forsaken_GA View Post
    Have you even set this up? You're missing a few points. You say you don't want to spend a day or two getting an olive to work... setting up JUNOS in GNS3 is setting up an olive. You say you've never toyed with Juniper in a VM.... if you've set it up in GNS3, yes, you have. QEMU is, conceptually, the same as VMWare - it emulates a processor and hardware environment so you can run a guest os.

    For your benefit, I sincerely suggest you become familiar with how the software you're using works. Otherwise, you'll just become a zombie that can read and follow instructions, you won't really learn anything. When you get that frantic call at 3am about the network being broken, there's not a book that's going to tell you how to fix it.

    If you have read my past post I have said that I have never toyed with it. I looked at the blogs of people who have set up olives and said I wouldn't toy with it due to the problems people have had.

    Also I have never done the VM thing. I just saw that GNS3 had it available, and that they were planning on making it easier in the future, which to me is great. I don't like using my time to fumble with those things, I like to get something up and going right away.

    I think we are going to have to agree to disagree on how we conduct business. You guys know what works for you, and I know what works for me. We are all here to get better at our craft, but we have different methods to our madness. None is better than the others. Just because some don't want to fumble around with emulators doesn't mean they aren't capable at the job. I'm stepping out of this post cause I don't like the direction that I see it going. I wish everybody the best on stepping into the world of Juniper. Our entire core of our network runs on Juniper and I plan on getting certified. I can't wait to get started actually. Good luck everybody.

  8. Senior Member CCIEWANNABE's Avatar
    Join Date
    Jan 2008
    Location
    O'Fallon, IL
    Posts
    458

    Certifications
    CCVP, CCNP, CCIP, CCDP, CCNA:R&S, CCNA:S, CCNA:V, CCNA:W, CCDA, CNSS 4011, JNCIA JUNOS, JNCIS-M , ITILv3, Sec +
    #32
    Quote Originally Posted by mikej412 View Post
    I doubt the Juniper software is FREE. Same for the Cisco IOS and PIX/ASA Images.

    If someone can't follow step by step instructions and is relying on someone else creating a simple All-In-One software solution for them, they probably don't have much of a future in any advanced IT position.
    C'mon Mike, I think you know what I meant ;] Of course the JUNOS you will have to get yourself through valid terms.

    About the second comment, like some have mentioned, I don't have free days to just sit around trying to figure out how to get multiple programs running, I've got IPv6, Multicast, BGP, IGP's, MPLS VPN's, Redistribution and other advanced CCIE R&S topics to study.

    The developers still have some work to do to incorporate it smoothly into GNS3, as anyone can see. That's what they like to do and that's what keeps them going. For myself, I like Cisco/Juniper routers and configuring/troubleshooting advanced protocols on them, that's what I do. I'm a Network Analyst, not Systems Analyst :] There is a HUGE difference and anyone who says different is only kidding themselves. So let them do their thing, and I'll do my thing. When they can get this smoothed out, and I know they will, I guarantee I'll be off to the races with Juniper again :]
    Last edited by CCIEWANNABE; 12-07-2009 at 05:52 PM.

  9. networking geek & stuff
    Join Date
    Jan 2010
    Location
    Costa Rica
    Posts
    3

    Certifications
    CCNA, JNCIA-ER, JNCIA-WX, JNCIS-M. WIP: JNCIS-E
    #33
    Quote Originally Posted by dynamik View Post
    Um, if you aren't an uber geek, what the hell are you doing trying to emulate a cli router os?
    I know I'm really late to the discussion (I just joined today), but that's just an unbeatable argument!

  10. Junior Member
    Join Date
    May 2010
    Location
    Charlotte NC
    Posts
    10

    Certifications
    CCIE R&S, CISSP, CCDP, CCNP, CCVP, JNCIA-ER
    #34
    Quote Originally Posted by Turgon View Post
    I thought about building out an Olive a couple of years ago, but once I looked into it I was put off by the hardware requirements and time required messing around to get it working. Similarly with dynamips I put it off as I always had real hardware at my disposal. I think I will have a go at the GNS thing this weekend.
    I was put off by the lack of OS availability. :/

  11. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,665

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #35
    Man, I've been trying to get one of these bad boys running today and it's definitely no fun. Setting up dynamips is a walk in the park compared to this.
    An expert is a man who has made all the mistakes which can be made.

  12. Senior Member
    Join Date
    Apr 2009
    Location
    Sheffield, UK
    Posts
    502

    Certifications
    CC(NA-IP-NP), JNCIA-JUNOS, JNCIS-ENT, BCNE
    #36
    Quote Originally Posted by networker050184 View Post
    Man, I've been trying to get one of these bad boys running today and it's definitely no fun. Setting up dynamips is a walk in the park compared to this.
    Once you have one set up as a base image, it's quite easy to replicate them and change as needed. The GNS3/Qemu tutorials are good for that.

  13. Network Geek ccie15672's Avatar
    Join Date
    May 2009
    Location
    Port Washington, WI, USA
    Posts
    92

    Certifications
    CCIE #15672 (R&S, SP), JNCIE-M #721
    #37
    wow. You people kill me.

    I have set up olive in VMWare, VirtualBox, and QEMU... The easiest for me was VirtualBox.

    It's not that hard. The hardware requirements aren't that great. I have 4 olives on one server in my basement... I'm sure I could add several more.

    Also, let's just be honest, you can download a VM image for olive with multicast working from torrent. I'm not condoning illegal activity, but seriously if you really wanted to you could download a working current version of JUNOS pretty quickly ready to boot in VMware.. no effort necessary.

    Neither IOS nor JUNOS is freely available. You need a CCO account or a Juniper website account to get the OSs.

  14. DoWork
    Join Date
    Jun 2010
    Location
    A major Illinois hospital system near you
    Posts
    1,468

    Certifications
    vExpert, VCAP5-DCA/DCD, VCP5-DCV, VCIX-NV, VCP-NV, BSTM
    #38
    I toyed with setting up an Olive in VMware. It wasn't easy to do but I followed the Joost guide and as long as you follow it to the tee it works just fine. Once you get the first one set up Joost even goes through how to create the template VM to spawn others. It's really not that hard if you know how to follow directions and have a little common sense.

  15. Network Geek ccie15672's Avatar
    Join Date
    May 2009
    Location
    Port Washington, WI, USA
    Posts
    92

    Certifications
    CCIE #15672 (R&S, SP), JNCIE-M #721
    #39
    Actually, having said that I've done all three.. I would say that Virtualbox is by far superior to VMware for the purpose of having Olives.

    The performance is better and you can use 8.1r4 without any multicast or VLAN issues, and it's relatively easy to use. Just use named pipes for the serial ports...

    With VMware, unless you want to load the multicast patch every time, you have to use 9.0 or above, which can tax your server. Also you only have e1000 NICs which means no multiple VLANs per interface. (The e1000s show up as emX interfaces).

  16. Junior Member
    Join Date
    Feb 2010
    Posts
    5

    Certifications
    CCIE (R&S)
    #40
    I've got 2 Olives running in Virtualbox 4 but I don't think multicast is working. The 2 olives are connected via a private network and I can ping across it.

    Do I have to run 8.1r4 to get past the multicast issues? I'm running 9.3r3.8 with plans to move to the 10.x extended service release that's due any day now.

  17. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #41
    GNS3 v0.8.2 was just released. Anyone have JunOS images running in it yet? There doesn't seem to be any specific support for it in the GUI other than a JunOS router icon. I don't see any specific documentation for JunOS images either. Do you need VirtualBox installed or can you just use QEMU with JunOS? *grumble grumble*
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  18. Senior Member ccnxjr's Avatar
    Join Date
    Jan 2010
    Location
    Brooklyn, NY
    Posts
    299

    Certifications
    A+; Network+; CCENT; CCNA;JNCIA-JunOS
    #42
    Finally got two olives up and running in GNS3.
    Haven't put it through its paces but at least they can ping each other and the configuration saves with the project.
    Will post more extensively on it after I've had a celebratory coffee and completed an honest day's work.

    Initially got it up and running with VirtualBox and after some more reading/tinkering built out a qemu image using FreeBSD 4.11 and JunOS 8.5R1.14.
    The VirtualBox olive was pretty straightforward compared to the qemu image, which was a bit tricky, at least for me.

    Editing, because I'd hate to reply to my own reply... (if that makes sense?)

    Some of the key things that helped is the new release of GNS3, works right out of the box, no configuring really required.

    This article helped A LOT
    http://forum.gns3.net/topic3015.html

    as well as the original "how to" for this
    http://blog.gns3.net/2009/10/olive-juniper/


    Yes, you will be using the command line, a LOT

    Those are pretty thorough, so I'll just point out a few things that I got hung up on while trying to get this going:

    -Configure the Olive before integrating it into GNS3, do this from within the Qemu folder
    (wherever it's stored/installed at)

    --Use Qemu from a command line to start building your FreeBSD base image:
    1) qemu-img.exe create junos-binary.img -f qcow2 8G

    2) qemu -m 256 -hda junos-binary.img -cdrom 4.11-RELEASE-i386-miniinst.iso

    --Once you've sourced your JunOS files, pack them in an ISO, then you can pass that ISO to the guest machine as what's in the CDROM drive.
    1) qemu -m 256 -hda junos-binary.img -cdrom junos.iso

    --You will then mount the ISO file from within the FreeBSD virtual machine
    #mount /cdrom
    #cp /cdrom/jinstall-10.1R1.8-domestic-olive.tgz /var/tmp/

    .....follow instructions on unpacking and repacking... (you're replacing a file in the archive)
    I skipped this entire block from the http://blog.gns3.net/2009/10/olive-juniper/ article and it works.

    -------------------------------------------------------
    md5 -q jinstall-8.5R1.14-domestic-signed.tgz > jinstall-8.5R1.14-domestic-signed.tgz.md5
    openssl sha1 jinstall-8.5R1.14-domestic-signed.tgz > jinstall-8.5R1.14-domestic-signed.tgz.sha1
    --------------------------------------------------------


    --Install JunOS
    #pkg_add -f /var/tmp/juniper.tgz

    So, now you have an Olive in Qemu image
    --------------------------------
    Time to bring it into GNS3!

    Assuming you already have GNS3 installed ....
    Fire it and go to:

    Edit > Preferences > Qemu
    Under the Qemu tab
    -Click on "Test settings", make sure you're good to go


    Now:
    Edit > Preferences > Qemu >
    Under the JunOS tab

    -You'll want to edit the following options :
    1) Identifier name: Olive-01
    2) Location of the binary image
    3) RAM (at least 256, more is better right? )
    4) Qemu Options : " -serial telnet:127.0.0.1:1001,server,nowait,nodelay "(no quotations)

    Then SAVE!

    * Couple things to note, you will be using a telnet terminal initially as opposed to a serial terminal.
    The Qemu option above basically redirects the virtual machine's serial connections to a telnet one.
    There are other ways of doing it, but this one makes sense and works for me.

    ** Also you will have to login as root, and then type the command "cli" to start the JunOS shell

    *** It would help all around if you read those two articles, compare notes. Maybe print them out and just go over them.
    The mechanical actions involved and install time should only take 15-20 minutes, what takes the bulk of the time is just understanding what you're doing and how to recover if you slip up on a command.

    Now you can drag and drop your Juniper routers into your topology.

    I'm down for some hand-holding or troubleshooting for the next couple weeks if anyone else has issues getting this up and running, just shoot me a pm.
    Last edited by ccnxjr; 05-11-2012 at 03:34 AM. Reason: tips/pointers

  19. Senior Member
    Join Date
    Oct 2012
    Location
    Lexington, KY
    Posts
    534

    Certifications
    CISSP, GMON
    #43
    So, after being somewhat uninspired by looking into CCNA, I think I am going to start the Juniper path instead. Is this last post current on the best way to get some "hands on" with JunOS? I don't currently have space or $ for hardware, though that might change.
    Last edited by wes allen; 12-06-2012 at 01:22 AM.

  20. Senior Member ccnxjr's Avatar
    Join Date
    Jan 2010
    Location
    Brooklyn, NY
    Posts
    299

    Certifications
    A+; Network+; CCENT; CCNA;JNCIA-JunOS
    #44
    It's current, but don't expect to spin up an Olive without some reading.
    You'll be first installing a FreeBSD vm, with very SPECIFIC partitioning requirements.
    Then modifying an installation of JunOS.
    The two links provide sufficient detail, I just tried to add a few of my own notes based on my experience.

  21. Senior Member
    Join Date
    Oct 2012
    Location
    Lexington, KY
    Posts
    534

    Certifications
    CISSP, GMON
    #45
    Coolness, so set aside a half a day and pack some snacks and plenty of caffeine kinda thing? Or, maybe would dropping $50/100 on Junosphere be enough to get through the first couple Juniper certs? Looking at JNCIA, JNCIS - ENT and Sec.

  22. Senior Member ccnxjr's Avatar
    Join Date
    Jan 2010
    Location
    Brooklyn, NY
    Posts
    299

    Certifications
    A+; Network+; CCENT; CCNA;JNCIA-JunOS
    #46
    Set aside half a day, snacks, a 2 liter bottle of cola, queue up some good tunes.
    Junosphere is worth it, some things you won't be able to emulate, such as the switching platform.
    Something about emulating the environment helps you understand the platform better.

    I can't vouch for if it will be enough cert wise, I'm still tinkering with my home lab :P
    Messing with IPTables rules, rsyslog , that kinda thing
    (yep went from GNS3 under Windows XP to straight up CentOS+kvm )

    [root@localhost ~]# virsh list --all
     Id Name                 State
    ----------------------------------------------------
      1 centos-02            running
      2 centos-01            running
      3 centos-06            running
      4 Olive-04             running
      5 Olive-05             running
      6 Olive-06             running
      7 Olive-07             running


    [root@localhost ~]# vmstat
    procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
     r  b   swpd    free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
     2  0      8 1365676  38036  48312    0    0     1     0    7    8  4  9 87  0  0
    [root@localhost ~]# free
                 total       used       free     shared    buffers     cached
    Mem:       3913212    2548156    1365056          0      38044      48312
    -/+ buffers/cache:    2461800    1451412
    Swap:      6143992          8    6143984
    [root@localhost ~]# lscpu
    Architecture: x86_64
    CPU op-mode(s): 32-bit, 64-bit
    Byte Order: Little Endian
    CPU(s): 4
    On-line CPU(s) list: 0-3
    Thread(s) per core: 1
    Core(s) per socket: 4
    CPU socket(s): 1
    NUMA node(s): 1
    Vendor ID: GenuineIntel
    CPU family: 6
    Model: 15
    Stepping: 11
    CPU MHz: 2666.716
    BogoMIPS: 5333.43
    Virtualization: VT-x
    L1d cache: 32K
    L1i cache: 32K
    L2 cache: 4096K
    NUMA node0 CPU(s): 0-3
    [root@localhost ~]#

    Junos_project.JPG
    Last edited by ccnxjr; 12-06-2012 at 03:46 AM.

  23. Junior Member Registered Member
    Join Date
    Jan 2011
    Posts
    2
    #47

    BTX loader 1.00 BTX version is 1.02

    I have tried each and every step mentioned by ccnxjr but whenever I start the router in gns3, I get stuck at "BTX loader 1.00 BTX version is 1.02". Please note I am not using it in VMware. Any guidelines would be highly appreciated.

  24. Senior Member ccnxjr's Avatar
    Join Date
    Jan 2010
    Location
    Brooklyn, NY
    Posts
    299

    Certifications
    A+; Network+; CCENT; CCNA;JNCIA-JunOS
    #48
    I may have neglected to mention that JunOS is generally installed on systems without a GUI.
    As such, you need to connect to this device via a console app!
    Once you've seen that "BTX loader 1.00 BTX version is 1.02" message, right click on the Juniper router that you've started and click on "Console".

    You should then see the boot messages scroll by (see attached)

    One possible hiccup (may or may not be mentioned in one of the links supplied) could be your Windows firewall.

    console-out.jpg

  25. Junior Member Registered Member
    Join Date
    Jan 2011
    Posts
    2
    #49
    @ccnxjr ..Thank you for the suggestion but I got the root@user flashing on my screen after 10 minutes... It nearly takes around 10-15 minutes to load the juniper router

  26. Junior Member Registered Member
    Join Date
    Jan 2015
    Posts
    1
    #50

    Having trouble in establishing communication between SRX & cisco router in GNS

    Not able to ping from SRX to Router and vice versa


    SRX config : -

    ## Last commit: 2015-01-10 13:30:37 UTC by cisco
    version 12.1X47-D10.4;
    system {
        host-name SRXJUNOS;
        root-authentication {
            encrypted-password "$1$eBXFxSc4$dGOThXeoVIrLIV1X9djBr/"; ## SECRET-DATA
        }
        login {
            user cisco {
                uid 2000;
                class super-user;
                authentication {
                    encrypted-password "$1$dysVgYL6$DUuf0ZWYOzOcGB2EGAx2y1"; ## SECRET-DATA
                }
            }
        }
        services {
            ssh;
            web-management {
                http {
                    interface ge-0/0/0.0;
                }
            }
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any any;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 192.168.1.2/30;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 10.0.0.2/30;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 192.168.1.1;
            route 10.0.0.0/24 next-hop 10.0.0.1;
        }
    }
    security {
        screen {
            ids-option untrust-screen {
                icmp {
                    ping-death;
                }
                ip {
                    source-route-option;
                    tear-drop;
                }
                tcp {
                    syn-flood {
                        alarm-threshold 1024;
                        attack-threshold 200;
                        source-threshold 1024;
                        destination-threshold 2048;
                        queue-size 2000; ## Warning: 'queue-size' is deprecated
                        timeout 20;
                    }
                    land;
                }
            }
        }
        policies {
            from-zone trust to-zone trust {
                policy default-permit {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone trust to-zone untrust {
                policy default-permit {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone untrust to-zone trust {
                policy default-deny {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        deny;
                    }
                }
            }
        }
        zones {
            security-zone trust {
                tcp-rst;
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
                interfaces {
                    ge-0/0/0.0;
                    ge-0/0/1.0;
                }
            }
            security-zone untrust {
                screen untrust-screen;
            }
        }
    }


    cisco@SRXJUNOS>






    ROUTER Config : -

    Building configuration...


    Current configuration : 1369 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ip tcp synwait-time 5
    ip ssh version 1
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 192.168.1.1 255.255.255.252
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    shutdown
    clock rate 2000000
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/1
    no ip address
    shutdown
    clock rate 2000000
    !
    interface Serial1/0
    no ip address
    shutdown
    serial restart-delay 0
    !
    interface Serial1/1
    no ip address
    shutdown
    serial restart-delay 0
    !
    interface Serial1/2
    no ip address
    shutdown
    serial restart-delay 0
    !
    interface Serial1/3
    no ip address
    shutdown
    serial restart-delay 0
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.1.2
    !
    !
    no ip http server
    no ip http secure-server
    !
    no cdp log mismatch duplex
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    !
    !
    end


    R1#$




    Router connected to SRX ge-0/0/0 interface. In between them is a layer 2 switch.
    Reply With Quote Quote  
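
A first diagnostic for the question in post #50, as an added example that is not part of the original post: it parses the interface addresses and static routes from trimmed copies of the two posted configurations, then checks that both ends of the link share a subnet and that every static next hop is on a connected network. The function names and the trimmed config strings are constructed for this example.

```python
import ipaddress
import re

# Trimmed copies of the configs posted above: only addressing and static routes are kept.
SRX_CONFIG = """
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.2/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.0.2/30;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.1;
        route 10.0.0.0/24 next-hop 10.0.0.1;
    }
}
"""
IOS_CONFIG = """
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.252
interface FastEthernet0/1
 no ip address
ip route 0.0.0.0 0.0.0.0 192.168.1.2
"""

def junos_statements(cfg):
    """Yield (path, statement) for each leaf statement of a curly-brace Junos config."""
    path = []
    for line in (raw.split("##")[0].strip() for raw in cfg.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif line:
            yield tuple(path), line.rstrip(";")

def junos_interfaces(cfg):
    """Map 'ge-0/0/0.0'-style names to the IPv4 interface address configured on them."""
    return {f"{p[1]}.{p[2].split()[1]}": ipaddress.ip_interface(s.split()[1])
            for p, s in junos_statements(cfg)
            if p[:1] == ("interfaces",) and s.startswith("address ")}

def junos_static_routes(cfg):
    """Return (destination, next hop) for each 'route X next-hop Y' static route."""
    return [(s.split()[1], ipaddress.ip_address(s.split()[3]))
            for p, s in junos_statements(cfg)
            if p == ("routing-options", "static") and s.startswith("route ")]

def ios_interfaces(cfg):
    """Map IOS interface names to their address; 'no ip address' lines are skipped."""
    found, ifname = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            ifname = line.split()[1]
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            found[ifname] = ipaddress.ip_interface("/".join(m.groups()))
    return found

def ios_static_routes(cfg):
    """Return (destination, next hop) for each 'ip route NET MASK NEXTHOP' line."""
    return [(f"{net} {mask}", ipaddress.ip_address(nh)) for net, mask, nh
            in re.findall(r"^ip route (\S+) (\S+) (\S+)$", cfg, re.M)]

def off_link_next_hops(interfaces, routes):
    """Static routes whose next hop lies outside every directly connected subnet."""
    nets = [i.network for i in interfaces.values()]
    return [(dst, nh) for dst, nh in routes if not any(nh in n for n in nets)]

def report():
    """Run both checks on the posted configs; empty off-link lists mean L3 is consistent."""
    srx, r1 = junos_interfaces(SRX_CONFIG), ios_interfaces(IOS_CONFIG)
    links = [(a, b) for a, ia in srx.items() for b, ib in r1.items()
             if ia.network == ib.network and ia.ip != ib.ip]
    return {"shared_links": links,
            "srx_off_link": off_link_next_hops(srx, junos_static_routes(SRX_CONFIG)),
            "r1_off_link": off_link_next_hops(r1, ios_static_routes(IOS_CONFIG))}

if __name__ == "__main__":
    print(report())
```

On the posted configurations both checks pass: ge-0/0/0.0 and FastEthernet0/0 share 192.168.1.0/30 and every static next hop is on-link, so the addressing and static routes are consistent and the search moves to what these checks do not cover.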
