TechSpot

How PC can talk to PC on different network using netscreen 5gt

By rusta
May 25, 2008
  1. Hello,

    I have a Juniper NetScreen 5GT-Wireless router. PCs on both the trust interface and the wireless2 interface can access the internet, but PCs on the trust interface cannot talk to the PCs on the wireless2 interface and vice versa. The trust interface is 192.168.1.1 and the wireless2 interface is 192.168.2.1. Both the trust and wireless2 interfaces are in the Trust zone.

    How can I configure the router to allow the PCs to be on the same network or to be able to talk to each other?

    Here are some of the router settings:

    Port mode is trust-untrust (trust and wireless2 in Trust zone)

    interface:
    Name       IP/Netmask          Zone     Type    Link  Configure
    serial     0.0.0.0/0           Null     Unused  down  Edit
    trust      192.168.1.1/24      Trust    Layer3  up    Edit
    untrust    XXX.XXX.XXX.XXX/23  Untrust  Layer3  up    Edit
    vlan1      0.0.0.0/0           VLAN     Layer3  down  Edit
    wireless1  0.0.0.0/0           Wzone1   Layer3  down  Edit
    wireless2  192.168.2.1/24      Trust    Layer3  up    Edit Deactivate

    Trust interface is set as DHCP server - addresses 192.168.1.2 - 192.168.1.15

    wireless2 interface is set as DHCP server - addresses 192.168.2.2 - 192.168.2.5

    Interface link status:
    Name       Zone     Link
    trust      Trust    Up
    wireless2  Trust    Up
    untrust    Untrust  Up

    Policies:

    From Untrust To Trust, total policy: 9
    ID  Source  Destination  Service          Action  Options  Configure          Enable  Move
    10  Any     VIP::1       HTTPS                             Edit Clone Remove
    9   Any     VIP::1       RDC                               Edit Clone Remove
    8   Any     VIP::1       MAIL                              Edit Clone Remove
    7   Any     VIP::1       POP3                              Edit Clone Remove
    6   Any     VIP::1       FTP                               Edit Clone Remove
    5   Any     VIP::1       Server Web 81                     Edit Clone Remove
    4   Any     VIP::1       Server Web 8080                   Edit Clone Remove
    3   Any     VIP::1       uTorrent                          Edit Clone Remove
    2   Any     VIP::1       NAS200                            Edit Clone Remove

    From Trust To Untrust, total policy: 1
    ID  Source  Destination  Service          Action  Options  Configure          Enable  Move
    1   Any     Any          ANY                               Edit Clone Remove

     
  2. jobeard

    jobeard TS Ambassador Posts: 9,310   +617

    And this is the problem -- you have TWO subnets (1 & 2) and there is no Route between the two.

    It would appear that your wiring would look like
    Code:
    modem ---- router#1 ----wireless-router#2
    The simple fix is to get both routers onto the same subnet (192.168.1.x) by:
    • take the wire from router#1 that attaches to the wireless router
    • disconnect the router#2 side (which is the WAN port)
    • and move it to an empty LAN port
    • reconfig router#2 to disable DHCP
    that last step must be done with a system WIRED to router#2

    All systems will then be on the same subnet and will be able to PING each other.
    Sharing or access control will then be by
    1. firewall control
    2. or ACL password control
     
  3. rusta

    rusta TS Rookie Topic Starter

    Thanks again jobeard for your help.

    The thing is, I only have the 1 router, the Juniper 5gt wireless router.

    My cable modem connects to the Untrusted Port of the Juniper, then a cable from the Juniper's Trusted Port1 to a switch.

    When I try to put the wireless2 interface on the same subnet, I get the error "illegal overlapping subnet".

    I also tried setting the wireless2 interface to "DHCP relay agent", but that did not work either.

    I guess there needs to be a route between the 2 interfaces like you said and this can probably be done within the router, but I have no idea how.
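
Added example, not part of the original thread: a short Python check, using the interface addresses rusta posted, of why a second interface cannot be given an address in 192.168.1.0/24 (the "illegal overlapping subnet" error) and which host pairs have to be forwarded between interfaces by the firewall. The function names and path labels are assumptions made for this illustration.

```python
import ipaddress

# Layer-3 interfaces as posted in the thread. "untrust" is left out because
# its address is masked (XXX.XXX.XXX.XXX/23) on the page.
INTERFACES = {"trust": "192.168.1.1/24", "wireless2": "192.168.2.1/24"}

def subnet(cidr):
    """Network that an interface address such as 192.168.1.1/24 belongs to."""
    return ipaddress.ip_interface(cidr).network

def overlapping(interfaces, name, new_cidr):
    """Other interfaces whose subnet overlaps the one proposed for `name`."""
    new_net = subnet(new_cidr)
    return sorted(n for n, c in interfaces.items()
                  if n != name and subnet(c).overlaps(new_net))

def owner(interfaces, host):
    """Interface whose connected subnet contains `host`, or None."""
    addr = ipaddress.ip_address(host)
    for n, c in interfaces.items():
        if addr in subnet(c):
            return n
    return None

def path_between(interfaces, src, dst):
    """Classify how a packet from src reaches dst (labels are hypothetical)."""
    a, b = owner(interfaces, src), owner(interfaces, dst)
    if a is None or b is None:
        return "not-directly-connected"
    if a == b:
        # Delivered at layer 2; the firewall does not forward it at layer 3.
        return f"same-subnet:{a}"
    # Different connected subnets: the firewall itself must forward the packet,
    # so its own forwarding rules decide whether the hosts can talk.
    return f"routed:{a}->{b}"

if __name__ == "__main__":
    # Moving wireless2 into 192.168.1.0/24 collides with trust.
    print(overlapping(INTERFACES, "wireless2", "192.168.1.2/24"))
    # A host from each DHCP pool: traffic has to cross the firewall.
    print(path_between(INTERFACES, "192.168.1.10", "192.168.2.3"))
```
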
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,310   +617

    I can't find the product User's Guide nor Install Guide so I'm kind of blind sided here.

    'Trusted' and 'Untrusted' Ports??? Haven't seen a device like that.

    With only one router, how did you get TWO subnets -- DHCP usually assigns addresses
    unless someone has manually configured a device.

    1- remove any manual config you might have performed on ANY system
    2- try to connect all systems as Trusted

    If you can find a URL to the User's Guide, it would go a long way to help solve your issue(s).
     
  5. rusta

    rusta TS Rookie Topic Starter

    Jobeard,

    The settings are the router's default settings, except for the VIP's / policies I created for port forwarding. The DHCP settings are the default settings.


    Below are some links. I have the 5GT-Wireless model.

    juniper.net/techpubs/software/screenos/screenos5x/screenos5xwlan/WLAN.pdf

    juniper.net/products/integrated/dsheet/110034.pdf

    juniper.net/techpubs/hardware/netscreen-appliances/netscreen-appliances50/gs_5gt.pdf

    help.juniper.net/help/english/5.0.0-DSLW/ns5gt%20wireless/online_help.htm



    The router allows you to set DHCP for any of the following 5 interfaces.

    trust(192.168.1.1/24)
    untrust(xxx.xxx.xxx.xxx/23)
    vlan1(0.0.0.0/0)
    wireless1(0.0.0.0/0)
    wireless2(192.168.2.1/24)


    trust is set to DHCP server.
    untrust is set to DHCP client.
    vlan1 is set to None.
    wireless1 is set to None.
    wireless2 is set to DHCP server.

    The options I can choose for the trust and untrust interfaces are:
    None, DHCP Client, DHCP Relay Agent or DHCP Server.

    For the vlan1, wireless1 and wireless2 interfaces the options are:
    None, DHCP Relay Agent, or DHCP Server.

    I did try setting the wireless2 interface to DHCP Relay Agent, but that did not work.
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,310   +617

    First, that's a great router/firewall!!

    Second, getting data flow from the Trusted to the Untrusted is contrary to the basic
    concepts, otherwise there would be no need for classifications like these.

    This results in no means to route from one to the other and you must get all devices
    on the Trusted Port if you wish to Print/File share to/from all systems.
     