
NS5GT not accessing internet


clemyp

IS-IT--Management
Dec 13, 2006
18
GB
Hi There

I'm replacing our 2 NS5XP with 2 NS5GT.

However, I cannot access the internet using the NS5GT. I can ping both the trusted port, untrusted port and router from the trusted network, but nothing else? No Internet?

As far as I can see my policies are set up for any any access from Trust to Untrusted.

I have NAT on Trust and Route on Untrusted, I have swapped these but still no joy? I can also ping from the router to the untrusted port!

I have tried various things but now at the end of my tether, so any help would be great.

Here is my output from both a get int untrust and get conf

ns5gt-> GET INT UNTRUST
Interface untrust:
description untrust
number 1, if_info 88, if_index 0, mode route
link up, phy-link up/full-duplex
vsys Root, zone Untrust, vr trust-vr
dhcp client disabled
PPPoE disabled
admin mtu 0, operating mtu 1500, default mtu 1500
*ip 217.39.147.21/29 mac 0014.f696.22a1
*manage ip 217.39.147.21, mac 0014.f696.22a1
route-deny disable
pmtu-v4 disabled
ping enabled, telnet disabled, SSH enabled, SNMP disabled
web enabled, ident-reset disabled, SSL
DNS Proxy disabled, webauth disabled, webauth-ip 0.0.0.0
OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled
PIM: not configured IGMP not configured
bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
DHCP-Relay disabled
DHCP-server disabled
Number of SW session: 2062, hw sess err cnt 0
ns5gt->
ns5gt-> GET CONF
Total Config size 2927:
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "something"
set admin password "hbgy76yuer"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-v
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-fi
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 200.1.1.30/24
set interface trust nat
set interface untrust ip 217.39.147.21/29
set interface untrust route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface untrust ip manageable
set interface untrust manage ping
set interface untrust manage ssh
set interface untrust manage ssl
set interface untrust manage web
set flow tcp-mss
unset flow tcp-syn-check
set hostname ns5gt

set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 194.74.65.68
set dns host dns2 194.74.65.69
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-sess
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set url protocol sc-cpa
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit log

set policy id 1
exit
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
ns5gt->

 
Hello,

I would change your Trust Interface to "NAT" mode as well and NAT via Policy (like you're doing). Do you have a default route in the trust-vr? Try adding a default route with a next hop of your ISP Router.

set route 0.0.0.0 0.0.0.0 int untrust gate x.x.x.x
save

x.x.x.x = ISP Router IP.

Hope this helps.

Rgds,

John
 
It was the route!!

Thanks John, I would have thought the default wizard would have added it?
 
No problem. Don't feel bad, I've yet to find a wizard I like. I always go with the CLI whenever possible. Take care.

Rgds,

John
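
The cause found in this thread (a permit policy to "Any" with no default route in the egress zone's virtual router) can be checked mechanically from a `get conf` dump. The following is an added example, not part of the original thread and not vendor code; the function names are hypothetical, the sample config is constructed with documentation addresses, and it assumes a top-level `set route` lands in trust-vr.

```python
import re

DEFAULT_VR = "trust-vr"  # assumption: a top-level "set route" belongs to trust-vr

# Constructed sample shaped like the dump in the thread (documentation addresses).
BROKEN_CONF = '''\
set vrouter "untrust-vr"
exit
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set interface untrust ip 198.51.100.2/29
set interface untrust route
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit log
'''
FIXED_CONF = BROKEN_CONF + "set route 0.0.0.0/0 interface untrust gateway 198.51.100.1\n"

def parse_conf(text):
    """Collect zone->vrouter bindings, permit policies and VRs holding a default route."""
    zone_vr, policies, default_vrs = {}, [], set()
    ctx = None  # vrouter block currently open, if any
    for raw in text.splitlines():
        line = raw.strip()
        if line == "exit":
            ctx = None
        elif m := re.fullmatch(r'set vrouter "?([\w-]+)"?', line):
            ctx = m.group(1)
        elif m := re.fullmatch(r'set zone "([^"]+)" vrouter "([^"]+)"', line):
            zone_vr[m.group(1)] = m.group(2)
        elif m := re.match(r'set policy id (\d+) from "([^"]+)" to "([^"]+)" '
                           r'"[^"]+" "([^"]+)" .*\bpermit\b', line):
            policies.append((int(m.group(1)), m.group(3), m.group(4)))
        elif re.match(r'set route 0\.0\.0\.0(/0| 0\.0\.0\.0)\s', line):
            # accepts both the prefix form and the "ip mask" form used in the reply
            default_vrs.add(ctx or DEFAULT_VR)
    return zone_vr, policies, default_vrs

def missing_default_routes(text):
    """Return (policy_id, to_zone, vrouter) where traffic to Any has no default route."""
    zone_vr, policies, default_vrs = parse_conf(text)
    findings = []
    for pid, to_zone, dst in policies:
        vr = zone_vr.get(to_zone, DEFAULT_VR)
        if dst.lower() == "any" and vr not in default_vrs:
            findings.append((pid, to_zone, vr))
    return findings

if __name__ == "__main__":
    print("before:", missing_default_routes(BROKEN_CONF))
    print("after: ", missing_default_routes(FIXED_CONF))
```

A default route defined only inside another virtual router's block (for example untrust-vr) does not clear the finding, since the Untrust zone here is bound to trust-vr.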
 