Showing posts with label Juniper Networks. Show all posts

Configuration: Windows native DialUP VPN client & Netscreen

Posted by Ahsan Tasneem | 12:30 AM | 5 comments

As the subject of this topic states, I want to create a dialup VPN to a Netscreen Firewall. To make it more complex, I will choose the onboard Windows VPN client. At the moment only a little documentation exists, and most of it contains only pieces of the whole setup process. Different threads in discussion groups out there state that the whole XP-VPN/Netscreen thing will not be possible, but they lack the proof that this cannot be done.

JUNOS Emulators: Features You CAN & You CAN’T PRACTICE

Posted by Ahsan Tasneem | 2:55 AM | 0 comments

Emulators run the real JUNOS software (which runs on a router) on a virtual machine using Qemu or VMware. In my experience you can practice almost all the features, but there are a few which you can't.

You CAN do the following:
1:- Basic system configuration like SNMP, syslog, user accounts & NTP etc.
2:- OSPF & ISIS. If you are using Qemu, under protocol ISIS you need to configure interface type "point-to-point", otherwise the adjacency will not come up. If you are using VMware then you don’t need "point-to-point".
3:- BGP; you can configure almost all the knobs mentioned in the books.
4:- Policies work just fine with either emulator.
5:- MPLS TE also works fine.

You CAN'T do the following:
1:- VRRP on either emulator
2:- A few firewall features
3:- L2 VPN
4:- Multicasting


JUNOS allows you to configure hardware or services which are not currently present in the router. This means you can configure an ATM or a frame-relay interface and save the configuration, but this configuration will not be associated with any interface. In short, you can type the commands even for hardware which is not present, but you cannot see it working.
If you are a beginner then there is a lot more you could do with these.

Best of luck.

Remote VPN To Netscreen Device - [XAuth with Cisco ACS RADIUS]

Posted by Ahsan Tasneem | 3:36 AM | 1 comment

NetScreen has implemented XAuth to allow another layer of authentication for a VPN between a remote client and a NetScreen VPN device. This negotiation takes place after the first phase of IPsec. You may verify authentication against the NetScreen device’s local authentication database, RADIUS, SecurID, or an LDAP server. As before, you may use groups to combine the dial-up users, or use individual dial-up users. You cannot use the group function if you are using SecurID or an LDAP server.

To use a Funk RADIUS server to support such NetScreen-specific attributes as admin privileges, user groups, remote L2TP and XAuth IP addresses, and DNS and WINS server address assignments, you must load the Funk dictionary file (netscreen.dct) that defines these attributes onto the RADIUS server. If using Cisco ACS RADIUS, load the Cisco dictionary file (NSRadDef2.ini). A dictionary file defines vendor-specific attributes (VSAs) that you can load onto a RADIUS server. After defining values for these VSAs, NetScreen can then query them when a user logs in to the NetScreen device. NetScreen VSAs include admin privileges, user groups, remote L2TP and XAuth IP addresses, and DNS and WINS server address assignments.

[VIDEO] - Step By Step Guide To Install NSM 2009 On RHEL 5

Posted by Ahsan Tasneem | 4:31 AM | 1 comment

I have just completed the installation of nsm20091r1 on RHEL (Redhat) 5 with the help of this tutorial, but there were also some additional steps done by me that are not mentioned in this tutorial. All the additional steps are also added in the tutorial below.
Within this tutorial we will be installing Juniper NSM 2009.1 onto a RHEL (Redhat) 5 server.

Step By Step Guide To Install JunOS Olive in VMware Fusion

Posted by Ahsan Tasneem | 2:39 AM | 0 comments

Tested with VMware Fusion Version 3.1.2 and JunOS 10.4.R3.

Requirements
VMware Fusion (should also work with VMware Workstation)
FreeBSD 7.1
JunOS M-, MX- or T-Series Router Firmware

Disk (8GB) partition overview:
ad0s1a / 1024M
ad0s1b swap 1024M
ad0s1d swap 24M
ad0s1e /config 12M
ad0s1f /var the rest

Command summary to prepare the original JunOS Image to an Olive Image:

[Video] - Step By Step Guide To Install JunOS on GNS3

Posted by Ahsan Tasneem | 10:35 AM | 1 comment

Note: A step-by-step video guide to installing JunOS 10.1 in Qemu for GNS3 for Juniper router simulation can be viewed at the end of this post.
Download the required software
1. JunOS 10.X (use torrents; many OS images are available from there, which is also where I got mine)
2. Download FreeBSD 4.11 as the base OS for the router
3. Download Qemu 0.11.0 from the GNS3 web site
4. You need software to create a CD ISO image, e.g. Deep Burner

Time to Start
Step 1: Download all the given files above
Step 2: Extract Qemu in a folder
Step 3: Open cmd and navigate to extracted folder
Step 4: Create a 4GB HDD image to install JunOS on

qemu-img.exe create -f qcow2 j.img 4G


Step 5: Start Qemu with the FreeBSD CD and the created HDD

qemu.exe -L . -m 256 -hda j.img -boot d -localtime -cdrom ..\4.11.4.11-RELEASE-i386-miniinst.iso


Step By Step Guide To Install JUNOS on GNS3 [Part 3][Updated]

Posted by Ahsan Tasneem | 12:26 PM | 0 comments

Updating JunOS
You can update your version of JunOS from the CLI with the following command:

request system software add [jinstall_package]


Running your router(s)
Now you have a base olive image. Qemu allows you to use this as a base for other images and only writing the changes to your “slave” images saving on disk space! You can also use less memory for each Qemu instance.
Create a new image off of your base image. Repeat for all your routers you want to emulate:

qemu-img create -b olive-base.img -f qcow2 R1.img

Start your router and then telnet to it:

qemu R1.img -m 96 -nographic -daemonize -serial telnet::2001,server,nowait \
-localtime -net nic,macaddr=00:aa:00:60:01:01,model=e1000 -net user
telnet localhost 2001

Once logged in, you can type “cli” to launch the JunOS command line interpreter, exit to … exit and halt to shutdown FreeBSD. Remember to kill your qemu instance(s).




Step By Step Guide To Install JUNOS on GNS3 [Part 2][Updated]

Posted by Ahsan Tasneem | 11:48 AM | 0 comments

FreeBSD installation
Now that we have qemu installed, we can create the image for installing FreeBSD. Run this command to create it and allocate 4 GB:

qemu-img create -f qcow2 olive-base.img 4G

Launch Qemu to install FreeBSD on the image:


qemu -m 256 -hda olive-base.img -cdrom 4.11-RELEASE-i386-miniinst.iso \
-boot d -localtime


A Qemu window will pop up (remember, by default press CTRL + ALT to release the cursor in Qemu):
 

How To: Adding Netscreen to NSRP Cluster & Interface Monitoring

Posted by Ahsan Tasneem | 2:45 AM | 2 comments

NSRP

NSRP is the protocol that redundant NetScreen devices use to talk to each other when running in various HA configurations. It is the language that allows them to exchange state information and make decisions. Before we detail the specifics of what type of information is exchanged over NSRP, we need to cover a bit more theory.

One of the main goals of HA is to have multiple redundant systems, where a second system can take over in case the first one fails. This is commonly achieved by duplicating the hardware. As with the NetScreen firewalls, any HA setup that is using NSRP implies that there are at least two firewalls of the same model working together. This group of firewalls is called an NSRP cluster, or simply, a cluster (see Figure below).

Note:  The sample configuration shown below is of SSG 520, for any issues related to this post please let me know @ahsantasneem

How To - Step By Step Installation of JunOS on GNS3 [Part 4]

Posted by Ahsan Tasneem | 11:08 PM | 0 comments


Testing

To check if everything works, let’s configure 2 Olives:

root@% cli
root> edit
[edit]
root#

[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:

[edit]
root# set interfaces em0 unit 0 family inet address 10.0.0.1/8
[edit]
root# commit
commit complete

Configure the other device using the same commands but with another IP address (e.g. 10.0.0.2/8) and ping.

How To - Step By Step Installation of JunOS on GNS3 [Part 3]

Posted by Ahsan Tasneem | 11:06 PM | 1 comment

Updating JunOS
You can update your version of JunOS from the CLI with the following command:

request system software add [jinstall_package]

Running your router(s)
Now you have a base olive image. Qemu allows you to use this as a base for other images and only writing the changes to your “slave” images saving on disk space! You can also use less memory for each Qemu instance.
Create a new image off of your base image. Repeat for all your routers you want to emulate:

qemu-img create -b olive-base.img -f qcow2 R1.img

Start your router and then telnet to it:

qemu R1.img -m 96 -nographic -daemonize -serial telnet::2001,server,nowait \
-localtime -net nic,macaddr=00:aa:00:60:01:01,model=e1000 -net user
telnet localhost 2001

Once logged in, you can type “cli” to launch the JunOS command line interpreter, exit to … exit and halt to shutdown FreeBSD. Remember to kill your qemu instance(s).


How To - Step By Step Installation of JunOS on GNS3 [Part 2]

Posted by Ahsan Tasneem | 10:24 PM | 3 comments

FreeBSD installation

Now that we have qemu installed, we can create the image for installing FreeBSD. Run this command to create it and allocate 4 GB:

qemu-img create -f qcow2 olive-base.img 4G

Launch Qemu to install FreeBSD on the image:

qemu -m 256 -hda olive-base.img -cdrom 4.11-RELEASE-i386-miniinst.iso \
-boot d -localtime

A Qemu window will pop up (remember, by default press CTRL + ALT to release the cursor in Qemu):



How To - Step By Step Installation of JunOS on GNS3 [Part 1]

Posted by Ahsan Tasneem | 10:22 PM | 7 comments

This article explains how to emulate Juniper JunOS on a PC using Qemu. This is an updated and enhanced version of excellent howtos from Juniper Clue and Internetwork Pro as well as Himawan Nugroho’s blog. I mainly focused on Qemu, so if you wish to install JunOS on a real PC or using VMware, please have a look at the Juniper Clue article for more information (and of course Google).

So what’s new, you would say? First, I chose to use the latest version of Qemu: 0.11.0, which has supported Intel e1000 network card emulation since version 0.10.0 and includes several fixes for it. I have modified and adapted the old patch for Qemu 0.11.0; it includes the UDP tunnel (connection to Dynamips/GNS3), PCAP and LCAP support. Also, the patch allows multicast traffic with the e1000, i82557b and i82559er Qemu emulated network cards. Moreover, this article shows how to emulate JunOS on multiple operating systems: Mac OS X, Windows XP and Linux Ubuntu 9.04, without using an untrustworthy obscure binary downloaded from a forum whose language you can’t even read.


How To - Multiple Olives On One Box Using Vmware

Posted by Ahsan Tasneem | 11:04 AM | 0 comments

Creating virtual serial ports for telnet access (so no physical com port access required)...
Having one Olive box is great for CLI familiarity, but multiple Olives interacting with each other is the only way to really get to grips with the routing protocols and route filtering techniques. Once one Olive session is fully built, it's a piece of cake to mirror this so you can have 2 or 3 or more (resource dependent) on one box. The main limiting factor of this approach is the lack of physical serial ports on the server. Mine only has a single COM1. To get round this, I used the freeware HW Virtual Serial Port v2.5.10 software from HW-group. Using the command line (or creating shortcuts in the Windows user profile startup folder so it was persistent), I created 3 new virtual serial ports that were set up as telnet servers (COM2 on port 2009, COM3 on port 2010, COM4 on port 2011) so I can telnet to these and be "attached" to the various Olive console ports. Yes, this does mean my doctoring of the cable above was interesting, but not entirely necessary.


How To - Installation of J-Web (Allows Web Based Administration Of Olive)

Posted by Ahsan Tasneem | 5:35 PM | 0 comments

J-series Juniper routers automatically come bundled with J-Web. When an Olive is built, the software believes it is an M series device and does not install J-Web; however, if you have the install module, it's a piece of cake. I have installed J-Web 8.3 on each of my Olive virtual machines and the process is as follows:

How To - Install JunOS on Vmware [Updated]

Posted by Ahsan Tasneem | 10:09 PM | 1 comment

An Olive is a machine that runs JunOS on non-Juniper hardware. Unlike Cisco IOS, which has Dynamips as a ready-to-use simulator, there is no ready-to-use JunOS simulator. Fortunately, JunOS runs on top of FreeBSD, so we can simulate it by installing it on a FreeBSD machine. So for anyone who wants to learn JunOS, or wants to take the JNCIE :), but does not have a Juniper machine, Olive is the solution. This procedure explains how to install JunOS, as an Olive, in VMware.
Here is what you need to prepare: a FreeBSD image, VMware, and the JunOS image itself. Follow the steps below to install Olive.



HOWTO: Juniper Olive using VMware

Posted by Ahsan Tasneem | 10:26 PM | 6 comments



I recently joined a new company, and I have been asked to start certifying myself for Juniper Networks. My goal for next year is to become JNCIA, JNCIS & possibly JNCIP certified. Because I’ve already got a lot of experience with the various protocols out there, I don’t see getting the JNCIA & JNCIS certification to be an issue. For the JNCIP, however, I need to really get my hands-on up to speed. This is why I decided to install Olives again, but this time by making use of VMware and one really big computer.

I hope you’ll find this guide useful, if it is ever found out there.
Because JUNOS software is not freeware, I will not make my virtual Olives available for download. You should be working for a company with a Juniper Networks support-contract so you can download JUNOS from their website.

