Convert configuration of Juniper to Cisco Firewall

Unanswered Question
Jan 16th, 2013

Can somebody help me to convert the following config of Juniper router to cisco ASA

set interfaces ge-0/0/0 description xxxxxxxxxxx

set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/0 mtu 4000

set interfaces ge-0/0/0 no-gratuitous-arp-request

set interfaces ge-0/0/0 unit 1 arp-resp unrestricted

set interfaces ge-0/0/0 unit 1 proxy-arp

set interfaces ge-0/0/0 unit 1 vlan-id 1

set interfaces ge-0/0/0 unit 1 family inet address X.X.X.X/25

set interfaces ge-0/0/0 unit 255 vlan-id 255

set interfaces ge-0/0/0 unit 255 family inet address X.X.X.X/30

set interfaces ge-0/0/1 description TUNNEL

set interfaces ge-0/0/1 vlan-tagging

set interfaces ge-0/0/1 mtu 4000

set interfaces ge-0/0/1 no-gratuitous-arp-request

set interfaces ge-0/0/1 unit 1 arp-resp restricted

set interfaces ge-0/0/1 unit 1 proxy-arp unrestricted

set interfaces ge-0/0/1 unit 1 vlan-id 1

set interfaces ge-0/0/1 unit 1 family inet address X.X.X.X/25

set interfaces ge-0/0/2 description to-xxxxxxxxxx

set interfaces ge-0/0/2 vlan-tagging

set interfaces ge-0/0/2 mtu 4000

set interfaces ge-0/0/2 unit 556 vlan-id 556

set interfaces ge-0/0/2 unit 556 family inet address X.X.X.X/30

set interfaces ge-0/0/2 unit 558 vlan-id 558

set interfaces ge-0/0/2 unit 558 family inet address X.X.X.X/30

set interfaces vlan unit 1 proxy-arp unrestricted

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/30 next-hop X.X.X.X

set routing-options static route 0.0.0.0/0 next-hop X.X.X.X

set protocols rip receive both

set protocols rip group xxxxxx neighbor ge-0/0/0.1

set policy-options policy-statement RIP-export term a from protocol direct

set policy-options policy-statement RIP-export term a from protocol rip

set policy-options policy-statement RIP-export term a then accept

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
mgarcarz Fri, 01/18/2013 - 03:22

Hi,

Disclaimer: there are many flavours of IOS, can not warrant that it will work for every possible software version.

For the fist interface:

no ip gratuitous-arps

int g0/0

switchport trunk encapsulation dot

switchport mode trunk

switchport trunk allowed vlan 1,255

int vlan 1

ip proxy-arp

ip address X.X.X.X/25

int vlan 255

ip proxy-arp

ip address X.X.X.X/30

#repeat the same for next interfaces/vlans

For first routing entry (

set routing-options static route X.X.X.X/32 next-hop Y.Y.Y.Y)

ip route X.X.X.0 255.255.255.0 Y.Y.Y.Y

For RIP:

router rip

passive-interface default

no passive-interface gig0/0

For routing leakage: i do not see the rest of the config, but you can control what routes to accept using

router rip

distribute-list 100 in     #ACL number 100 decides which routes to accept.

--

Michal

ahmedzniti Thu, 03/14/2013 - 15:13

hello

what's the mean of the following command and what's the equivalent on cisco 

unit 1 arp-resp unrestricted

no-gratuitous-arp-request

unit 1 proxy-arp

set interfaces vlan unit 1 proxy-arp unrestricted

the problem if we activate the proxy arp on asa cisco 5525 X didnt work and i note that the proxy arp is enabled by default


below all juniper configuration

set interfaces ge-0/0/0 description Test

set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/0 mtu 4000

set interfaces ge-0/0/0 no-gratuitous-arp-request

set interfaces ge-0/0/0 unit 1 arp-resp unrestricted

set interfaces ge-0/0/0 unit 1 proxy-arp

set interfaces ge-0/0/0 unit 1 vlan-id 1

set interfaces ge-0/0/0 unit 1 family inet address 10.10.132.1/25

set interfaces ge-0/0/0 unit 255 vlan-id 255

set interfaces ge-0/0/0 unit 255 family inet address 192.168.2.2/30

set interfaces ge-0/0/1 description Test2

set interfaces ge-0/0/1 vlan-tagging

set interfaces ge-0/0/1 mtu 4000

set interfaces ge-0/0/1 no-gratuitous-arp-request

set interfaces ge-0/0/1 unit 1 arp-resp restricted

set interfaces ge-0/0/1 unit 1 proxy-arp unrestricted

set interfaces ge-0/0/1 unit 1 vlan-id 1

set interfaces ge-0/0/1 unit 1 family inet address 10.10.132.129/25

set interfaces ge-0/0/2 description to-BB

set interfaces ge-0/0/2 vlan-tagging

set interfaces ge-0/0/2 mtu 4000

set interfaces ge-0/0/2 unit 556 vlan-id 556

set interfaces ge-0/0/2 unit 556 family inet address 10.1.6.90/30

set interfaces ge-0/0/2 unit 558 vlan-id 558

set interfaces ge-0/0/2 unit 558 family inet address 10.1.6.134/30

set interfaces vlan unit 1 proxy-arp unrestricted

set routing-options static route 208.226.76.25/32 next-hop 10.10.132.101

set routing-options static route 24.201.44.122/32 next-hop 10.10.132.101

set routing-options static route 216.150.170.90/32 next-hop 10.10.132.101

set routing-options static route 42.220.13.162/32 next-hop 10.10.132.101

set routing-options static route 81.247.181.14/32 next-hop 10.10.132.101

set routing-options static route 10.1.6.128/30 next-hop 10.1.6.89

set routing-options static route 0.0.0.0/0 next-hop 10.1.6.133

set protocols rip receive both

set protocols rip group Group1 neighbor ge-0/0/0.1

set policy-options policy-statement RIP-export term a from protocol direct

set policy-options policy-statement RIP-export term a from protocol rip

set policy-options policy-statement RIP-export term a then accept

Actions

Login or Register to take actions

This Discussion

Posted January 16, 2013 at 1:19 PM
Stats:
Replies:2 Avg. Rating:
Views:817 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446