Posted by Alan Strassberg on August 7, 2005, 1:15 pm
>I have a 5XP that has been running for a very long time. It has one of
>the original versions of Screen OS on it, 2.6 or something like that. I
>have contacted Juniper about upgrading the software with no response so
>far. Anyway here is my question..
>
>I am trying to log into a machine on my trusted network using SSH. I
>have tested and have no trouble doing this locally, now I want to get
>in via the internet.
>
>I created.. 2 services on the Virtual IP (these are Net Screen terms)
>
>The first :
> Virtual IP :Untrusted interface ip (192.168.1.0).
> Virtual Port 2121
> Service FTP
> Map to IP : 192.168.0.150
>
>The second:
> Virtual IP :Untrusted interface ip (192.168.1.0).
> Virtual Port 2222
> Service: SSH
> Map to IP : 192.168.0.150
>
>
>In addition I created 2 policies. As follows.
>
> Source: Any
> Destination : VIP ::1
>
>And the corresponding service set to SSH or FTP. I enabled logging on
>both policies. And neither log shows any entries.
>
>
>For both services I created the status is showing as "Not available".
>And I don't understand. Any ideas? Any ideas what I am missing in order
>to get this to work?

Close but no cigar. I changed my admin port to 2222 then I
can ssh to the VIP.

  set service "ssh2222" protocol tcp src-port 0-65535 dst-port 2222-2222
  set admin ssh port 2222
  set policy id 2 from "Untrust" to "Trust" "A.B.C.D/32" "VIP::1" "SSH" permit

The ssh to the NS is "ssh -p 2222 netscreen@w.x.y.z"

A good site for Netscreen stuff is ...
http://netscreenforum.com/
Also a mailing list here:
http://qorbit.net/nn/

I think you can still get support for the XP then you can download
upgrades. Call your reseller, not Netscreen. Note the XP is
end-of-life though 5.0.0 code is available.

alan