5XP Virtual Servers AND SSH

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
I have a 5XP that has been running for a very long time. It has one of
the original versions of Screen OS on it, 2.6 or something like that. I
have contacted Juniper about upgrading the software with no response so
far. Anyway here is my question..

I am trying to log into a machine on my trusted network using SSH. I
have tested and have no trouble doing this locally, now I want to get
in via the internet.

I created.. 2 services on the Virtual IP (these are Net Screen terms)

The first :
  Virtual IP :Untrusted interface ip (
  Virtual Port 2121
  Service FTP
  Map to IP :

The second:
  Virtual IP :Untrusted interface ip (
  Virtual Port 2222
  Service: SSH
  Map to IP :

In addition I created 2 policies. As follows.

  Source: Any
  Destination : VIP ::1

And the corresponding service set to SSH or FTP. I enabled logging on
both policies. And neither log shows any entries.

For both services I created the status is showing as "Not available".
And I don't understand. Any ideas? Any ideas what I am missing in order
to get this to work?

Re: 5XP Virtual Servers AND SSH
Any ideas on this? Any other places I could ask this question?

ucs308@gmail.com wrote:
Quoted text here. Click to load it

Re: 5XP Virtual Servers AND SSH
Quoted text here. Click to load it

    Close but no cigar. I changed my admin port to 2222 then I
    can ssh to the VIP.

set service "ssh2222" protocol tcp src-port 0-65535 dst-port 2222-2222
set admin ssh port 2222
set policy id 2 from "Untrust" to "Trust"  "A.B.C.D/32" "VIP::1" "SSH" permit

    The ssh to the NS is "ssh -p 2222 netscreen@w.x.y.z"

    A good site for Netscreen stuff is ...

    http://netscreenforum.com /

    Also a mailing list here:
    http://qorbit.net/nn /

    I think you can still get suppport for the XP then you can download
    upgrades. Call your reseller, not Netscreen. Note the XP is
    end-of-life though 5.0.0 code is available.

Re: 5XP Virtual Servers AND SSH

Thanks. It still does not work for me, probably because these 2

set admin ssh port 2222
set policy id 2 from "Untrust" to "Trust"  "A.B.C.D/32" "VIP::1" "SSH"

Do not work for me. If I look at the available syntax on my box some of
that syntax is not supported. So I think I need to get an updated
version of the OS. In the mean time I'll take my discussion over to the
netscreen forum.

Thank-you for your help.

Site Timeline