5XP Virtual Servers AND SSH

I have a 5XP that has been running for a very long time. It has one of the original versions of ScreenOS on it, 2.6 or something like that. I have contacted Juniper about upgrading the software with no response so far. Anyway, here is my question.

I am trying to log into a machine on my trusted network using SSH. I have tested and have no trouble doing this locally, now I want to get in via the internet.

I created 2 services on the Virtual IP (these are NetScreen terms):

The first: Virtual IP: Untrusted interface IP (192.168.1.0). Virtual Port: 2121. Service: FTP. Map to IP: 192.168.0.150

The second: Virtual IP: Untrusted interface IP (192.168.1.0). Virtual Port: 2222. Service: SSH. Map to IP: 192.168.0.150

In addition I created 2 policies. As follows.

Source: Any Destination : VIP ::1

And the corresponding service set to SSH or FTP. I enabled logging on both policies. And neither log shows any entries.

For both services I created the status is showing as "Not available". And I don't understand. Any ideas? Any ideas what I am missing in order to get this to work?

Reply to
ucs308

Any ideas on this? Any other places I could ask this question?

snipped-for-privacy@gmail.com wrote:

Reply to
ucs308

Close but no cigar. I changed my admin port to 2222 then I can ssh to the VIP.

set service "ssh2222" protocol tcp src-port 0-65535 dst-port 2222-2222
set admin ssh port 2222
set policy id 2 from "Untrust" to "Trust" "A.B.C.D/32" "VIP::1" "SSH" permit

The ssh to the NS is "ssh -p 2222 snipped-for-privacy@w.x.y.z"

A good site for Netscreen stuff is ...

formatting link
Also a mailing list here:
formatting link
I think you can still get support for the XP then you can download upgrades. Call your reseller, not Netscreen. Note the XP is end-of-life though 5.0.0 code is available.

alan

Reply to
Alan Strassberg

Thanks. It still does not work for me, probably because these 2 commands..

set admin ssh port 2222
set policy id 2 from "Untrust" to "Trust" "A.B.C.D/32" "VIP::1" "SSH" permit

Do not work for me. If I look at the available syntax on my box, some of that syntax is not supported. So I think I need to get an updated version of the OS. In the meantime I'll take my discussion over to the NetScreen forum.

Thank you for your help.

Reply to
ucs308
