[j-nsp] One router/two firewalls config question
John Center
john.center at villanova.edu
Fri Mar 7 10:33:42 EST 2008
Hi,
We are in the process of replacing our Internet router, a Cat6500, with
an M120, but are running into a problem translating what we do in IOS to
JUNOS. Our 6500 has a GE connection to each of our 2 PIX535 firewalls,
which are configured in an active/standby failover pair. IP addresses
are not configured on the GE interfaces, but one address is configured
on a VLAN that both ports are in. The 6500 config looks something like
this:

interface GigabitEthernet1/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 376
 switchport mode trunk
...
interface GigabitEthernet2/1
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 376
 switchport mode trunk
...
interface Vlan376
 description "GE connection to DMZ"
 ip address 192.168.1.254 255.255.255.240
...

This way, either firewall can talk to the other & has a common address
to talk to the router. Failover is easy & quick. How does one do
something similar in JUNOSv9? VLANs can't have addresses assigned to
them in JUNOS & there doesn't appear to be any support for IRB for the
M120. Any help would be greatly appreciated!
Thanks.
-John
--
John Center
Villanova University