Juniper SSG-20-SB Datasheet download pdf (Page 6)

APPLICATION NOTE - Configuring the CX111 for the SSG Series

set zone “Trust” vrouter “trust-vr”

set zone “Untrust” vrouter “trust-vr”

set interface “ethernet0/0” zone “Untrust”

set interface “/jointfilesconvert/178052/bgroup0” zone “Trust”

set interface /jointfilesconvert/178052/bgroup0 port ethernet0/2

set interface /jointfilesconvert/178052/bgroup0 port ethernet0/3

set interface /jointfilesconvert/178052/bgroup0 port ethernet0/4

set interface /jointfilesconvert/178052/bgroup0 port ethernet0/5

set interface /jointfilesconvert/178052/bgroup0 port ethernet0/6

set interface ethernet0/0 dhcp client enable

set interface ethernet0/0 dhcp client settings update-dhcpserver

set interface /jointfilesconvert/178052/bgroup0 ip 192.168.1.1/24

set interface /jointfilesconvert/178052/bgroup0 dhcp server service

set interface /jointfilesconvert/178052/bgroup0 dhcp server enable

set interface /jointfilesconvert/178052/bgroup0 dhcp server ip 192.168.1.2 to 192.168.1.100

set policy id 3 name “Any Permit” from “Trust” to “Untrust” “Any” “Any” “ANY”

nat src permit log count

exit

Management Access

A VLAN-tagged logical interface can be used in order to provide access to the bridge’s management console. NAT will

also be used to facilitate access from any device behind the gateway, eliminating the need for complex routing (as all

traffic to the bridge’s management interface will be translated as if it originated from the management subnet).

Figure 4: Management access

192.168.1.0/24

Trust Zone

DHCP Client

Untrust Zone

192.168.0.1/24

Management

Zone

CX111

SSG Series

e0/0

OFFICE

VLAN Management

VLAN Tag 3900

VLAN Data

No tagging used for data trac DHCP assigned

address (relayed from the 3G network)

1 2 3 4 5 6 7 8 9 10

No comments

Juniper SSG-20-SB Datasheet Page 6