cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1952
Views
0
Helpful
2
Replies

Convert configuration of Juniper to Cisco Firewall

Can somebody help me to convert the following config of Juniper router to cisco ASA

set interfaces ge-0/0/0 description xxxxxxxxxxx

set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/0 mtu 4000

set interfaces ge-0/0/0 no-gratuitous-arp-request

set interfaces ge-0/0/0 unit 1 arp-resp unrestricted

set interfaces ge-0/0/0 unit 1 proxy-arp

set interfaces ge-0/0/0 unit 1 vlan-id 1

set interfaces ge-0/0/0 unit 1 family inet address X.X.X.X/25

set interfaces ge-0/0/0 unit 255 vlan-id 255

set interfaces ge-0/0/0 unit 255 family inet address X.X.X.X/30

set interfaces ge-0/0/1 description TUNNEL

set interfaces ge-0/0/1 vlan-tagging

set interfaces ge-0/0/1 mtu 4000

set interfaces ge-0/0/1 no-gratuitous-arp-request

set interfaces ge-0/0/1 unit 1 arp-resp restricted

set interfaces ge-0/0/1 unit 1 proxy-arp unrestricted

set interfaces ge-0/0/1 unit 1 vlan-id 1

set interfaces ge-0/0/1 unit 1 family inet address X.X.X.X/25

set interfaces ge-0/0/2 description to-xxxxxxxxxx

set interfaces ge-0/0/2 vlan-tagging

set interfaces ge-0/0/2 mtu 4000

set interfaces ge-0/0/2 unit 556 vlan-id 556

set interfaces ge-0/0/2 unit 556 family inet address X.X.X.X/30

set interfaces ge-0/0/2 unit 558 vlan-id 558

set interfaces ge-0/0/2 unit 558 family inet address X.X.X.X/30

set interfaces vlan unit 1 proxy-arp unrestricted

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/32 next-hop X.X.X.X

set routing-options static route X.X.X.X/30 next-hop X.X.X.X

set routing-options static route 0.0.0.0/0 next-hop X.X.X.X

set protocols rip receive both

set protocols rip group xxxxxx neighbor ge-0/0/0.1

set policy-options policy-statement RIP-export term a from protocol direct

set policy-options policy-statement RIP-export term a from protocol rip

set policy-options policy-statement RIP-export term a then accept

2 Replies 2

Michal Garcarz
Cisco Employee
Cisco Employee

Hi,

Disclaimer: there are many flavours of IOS, can not warrant that it will work for every possible software version.

For the fist interface:

no ip gratuitous-arps

int g0/0

switchport trunk encapsulation dot

switchport mode trunk

switchport trunk allowed vlan 1,255

int vlan 1

ip proxy-arp

ip address X.X.X.X/25

int vlan 255

ip proxy-arp

ip address X.X.X.X/30

#repeat the same for next interfaces/vlans

For first routing entry (

set routing-options static route X.X.X.X/32 next-hop Y.Y.Y.Y)

ip route X.X.X.0 255.255.255.0 Y.Y.Y.Y

For RIP:

router rip

passive-interface default

no passive-interface gig0/0

For routing leakage: i do not see the rest of the config, but you can control what routes to accept using

router rip

distribute-list 100 in     #ACL number 100 decides which routes to accept.

--

Michal

hello

what's the mean of the following command and what's the equivalent on cisco 

unit 1 arp-resp unrestricted

no-gratuitous-arp-request

unit 1 proxy-arp

set interfaces vlan unit 1 proxy-arp unrestricted

the problem if we activate the proxy arp on asa cisco 5525 X didnt work and i note that the proxy arp is enabled by default


below all juniper configuration

set interfaces ge-0/0/0 description Test

set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/0 mtu 4000

set interfaces ge-0/0/0 no-gratuitous-arp-request

set interfaces ge-0/0/0 unit 1 arp-resp unrestricted

set interfaces ge-0/0/0 unit 1 proxy-arp

set interfaces ge-0/0/0 unit 1 vlan-id 1

set interfaces ge-0/0/0 unit 1 family inet address 10.10.132.1/25

set interfaces ge-0/0/0 unit 255 vlan-id 255

set interfaces ge-0/0/0 unit 255 family inet address 192.168.2.2/30

set interfaces ge-0/0/1 description Test2

set interfaces ge-0/0/1 vlan-tagging

set interfaces ge-0/0/1 mtu 4000

set interfaces ge-0/0/1 no-gratuitous-arp-request

set interfaces ge-0/0/1 unit 1 arp-resp restricted

set interfaces ge-0/0/1 unit 1 proxy-arp unrestricted

set interfaces ge-0/0/1 unit 1 vlan-id 1

set interfaces ge-0/0/1 unit 1 family inet address 10.10.132.129/25

set interfaces ge-0/0/2 description to-BB

set interfaces ge-0/0/2 vlan-tagging

set interfaces ge-0/0/2 mtu 4000

set interfaces ge-0/0/2 unit 556 vlan-id 556

set interfaces ge-0/0/2 unit 556 family inet address 10.1.6.90/30

set interfaces ge-0/0/2 unit 558 vlan-id 558

set interfaces ge-0/0/2 unit 558 family inet address 10.1.6.134/30

set interfaces vlan unit 1 proxy-arp unrestricted

set routing-options static route 208.226.76.25/32 next-hop 10.10.132.101

set routing-options static route 24.201.44.122/32 next-hop 10.10.132.101

set routing-options static route 216.150.170.90/32 next-hop 10.10.132.101

set routing-options static route 42.220.13.162/32 next-hop 10.10.132.101

set routing-options static route 81.247.181.14/32 next-hop 10.10.132.101

set routing-options static route 10.1.6.128/30 next-hop 10.1.6.89

set routing-options static route 0.0.0.0/0 next-hop 10.1.6.133

set protocols rip receive both

set protocols rip group Group1 neighbor ge-0/0/0.1

set policy-options policy-statement RIP-export term a from protocol direct

set policy-options policy-statement RIP-export term a from protocol rip

set policy-options policy-statement RIP-export term a then accept

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: