External management on a netscreen-5

I'm trying to remotely manage a netscreen5, but I'm having no luck. On the untrusted interface I am given a Manage IP, but I don't have a second valid IP to give it.

I'm trying to map to the trusted management IP -- no luck

My goal is to either SSH or https to the firewall remotely.

Any help would be appreciated!

Thanks, AL

Reply to
alavel

I would like to get to the device, but I only have a 32 bit valid IP.

thanks

Reply to
alavel

One IP is fine...

    set admin manager-ip A.B.C.D (your external IP for security, optional)
    set interface untrust manage ssh
    set interface untrust manage web
    set ssh version v2
    set ssh enable

Then ssh snipped-for-privacy@W.X.Y.Z assuming "netscreen" is the admin account.

alan

Reply to
Alan Strassberg

If you have one external address, externally, you can only manage the firewall on the same IP address as the external interface. Set the Manage-IP address to be 0.0.0.0 (it defaults to the same IP as the untrust interface). Then enable ssh and web etc. Note however, that web and telnet are clear text so the admin login userid, password and configuration changes are not encrypted, so not really meant for external connections. You should use ssh or ssl communications for the encrypted equivalent.

Also have a look under admin, management and permitted IPs list. This allows you to restrict by source IP who can connect to manage the firewall in the first place. Remember to firstly add your internal IP/range, otherwise you may lock yourself out.

Hope this is helpful.

AM

Reply to
AM
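
A small audit for the two points in the reply above (clear-text management services on the external interface, and the permitted-IP list), added here as an example and not part of the original thread. It assumes the configuration is available as `set ...` lines in the form quoted earlier in the thread; the sample configurations and the address 203.0.113.10 are constructed.

```python
import re

# Services the reply above describes as clear text (credentials unencrypted).
CLEARTEXT = {"web", "telnet"}

# "manage-ip" lines do not match IF_RE: it requires "manage" followed by a space.
IF_RE = re.compile(r"(un)?set interface (\S+) manage (\S+)$")
MGR_RE = re.compile(r"(un)?set admin manager-ip (\S+)")

def audit_management(config, external_if="untrust"):
    """Return findings about management exposure on external_if."""
    services, manager_ips = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        m = IF_RE.match(line)
        if m and m.group(2) == external_if:
            # A later "unset" cancels an earlier "set" for the same service.
            (services.discard if m.group(1) else services.add)(m.group(3))
            continue
        m = MGR_RE.match(line)
        if m:
            (manager_ips.discard if m.group(1) else manager_ips.add)(m.group(2))
    findings = [
        f"{external_if}: cleartext management service '{s}' enabled"
        for s in sorted(services & CLEARTEXT)
    ]
    if services and not manager_ips:
        findings.append(
            f"{external_if}: management enabled with no 'set admin manager-ip' restriction"
        )
    return findings

# Constructed sample: clear-text services exposed, no source restriction.
WEAK = """set interface untrust manage ssh
set interface untrust manage web
set interface untrust manage telnet"""

# Constructed sample: encrypted services only, one permitted source address.
HARDENED = """set admin manager-ip 203.0.113.10
set interface untrust manage ssh
set interface untrust manage ssl"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_management(cfg) or "no findings")
```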

Thanks Alan. I still cannot get to the 'box' externally using one IP (interface). I was able to get to the device if I used a second valid IP (tested that from work).

Unfortunately, I do not have that luxury at my home.

Perhaps the version could be the issue? 2.6.1r13.1

Thanks, Alain

Reply to
alavel

Thanks AM

I already tried your suggestion before posting to this newsgroup. I was able to add a second valid IP and it worked just fine, however I use this device for home use and I only have one DYNAMIC L IP

Thanks, Alain

Reply to
alavel
