search for: netscreen

Does anyone have Asterisk running over a "policy-based" NetScreen IPSEC VPN with NetScreen OS 5.x? I have Asterisk behind an NS50 on one end and a Grandstream phone on the other behind a NS 5XP on the other. The SIP session appears to set up fine, but no media goes across - no voice, just silence. Everything else works. This worked fine under Screen OS 4.X, b...

Sorry to barge in on an old thread. I''m having the same trouble as the gent who started this thread. I''ve tried the options described and can''t seem to get the tunnel to pass packets through it. I''m using the Netscreen Remote VPN client (Safenet derivative) on a windows machine, trying to connect to a Netscreen 5xp at the other end. The connection fires up, but then I am not able to send anything through it. (Both the client and the remote device tell me that the connection is authenticated and up.) Kinka...

Sorry for going OT, but this list host an amazing diveristy of networking knowledge, and i am staring to get a bit desperate. I need to get a lan-to-lan tunnel working between a Linux firewall (shorewall) and a Netscreen 25 firewall (ScreenOS 4). ANd i cannot find a simple useful guide on how to do this. I cannot get it working via isakmpd or racoon. So, if someone HAS done this, i would love to look at your notes, heck, i could even pay for this service...

...ich is absolutely believable since one of my users works for the company and checks his mail via the web mailer. The strange part is that the company rep said these scans started some time on Sunday, while my user definitely was not using the company's hardware. Apparently, the company uses NetScreen hardware and/or software for such intrusion detection / prevention mechanisms and the log he provided read: [Root]system-alert-00016: Port scan! From $my-server-ip:80 to $their-server-ip:8254, proto TCP (zone Untrust, int ethernet1). Occurred 1 times. My questions are: 1. Can this be malicious...

Hi all, Lookin to do an IPSEC VPN between a Juniper SSG5 and Centos 5.5. Reading some docs that ref /etc/ipsec-tools.conf but they do not exist on my box being Centos 5.5. The package ipsec-tools is installed and I'm guessing /etc/racoon/ racoon.conf is what I am looking for. Anyways, some help would be very appreciated. - aurf

...strator - Salary Range 55-65K CAD per anum Looking for someone with 5+ years of experience working with Linux/Unix systems. Networking and Windows experience not as important. - Manage Linux systems - Manage FreeBSD systems - Manage Cisco switches - Manage Foundry loadbalancers - Manage Juniper Netscreen firewalls - Manage Cisco Pix firewalls - Manage Windows Server 2003 and Windows Server 2003 x64 systems 2. Junior System and Network Administrator ? Salary Range 35-50K CAD per anum Looking for someone with 2-5 year experience doing desktop support, looking to learn and do more production enviro...

...y, and if the firewalls are replaced with a router (the two 'sites' were original local for testing), then the problem goes away. However, the firewall policy doesn't limit anything (and wouldn't it break Windows too?) Does this ring any bells with anyone? The firewalls are Juniper Netscreens at both ends, for what it's worth. I've had a google around, and I can't see anything related to packet size or MTUs, which is what it smells like to me... (presumably the 9th filename ends up in a second packet, or a certain sized response). Thanks in advance for any pointers, Howie

We have a customer with a handful of Sayson/Aastra 480i phones behind a Juniper Networks Netscreen firewall registering with our hosted PBX service. The Netscreen monitors the REGISTER messages and only keeps the reverse mapping open for the duration of the registration period. It appears that every so often the Sayson does not send out another REGISTER message after the registration has expire...

https://bugzilla.mindrot.org/show_bug.cgi?id=1980 dajoker at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dajoker at gmail.com --- Comment #6 from dajoker at gmail.com --- The ' openssh-unix-dev at mindrot.org' mailing list thread

Hi guys, I am running with: "OpenSSH_3.9p1 Debian-1ubuntu2, OpenSSL 0.9.7e 25 Oct 2004", as an ssh client, and am having some strange behaviour with a firewall of ours. We have a netscreen 5gt-plus, running ScreenOS 5.0.2, which has an ssh daemon running. I ssh to the firewall using `ssh username@<ip address>`, which works correctly (ie, connects, and I can use the console of the firewall). If I restart the firewall using the command 'reset', I get a message that the...

After upgrading to 5.1, connections to our Juniper E-Series routers fail with: $ ssh -v eseries OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh_config debug1: Applying options for *-lns* debug1: Applying options for * debug1: Connecting to eseries [1.2.3.4] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file

...main LAN/Internet network. I used Debian Sarge with kernel 2.6.9/ipsec-netfilter patched, and Shorewall 2.2.0-RC3 on a Asus P4S533, 2.4 GHz PenIV and 512MB memory. The Toshiba A60-S166, PenIV, 2.4G laptops run Windows XP Pro and have internal Atheros based wireless cards with SuperG technology and Netscreen-Remote VPN Client software. By using a Linksys AP that has the same chipset as the laptops and connected to the server WLAN interface, I''m able to run in Turbo Mode and obtain 20 Mbs average and sustained speeds, 23Mbs peak, when testing 100 MB file transfers while using IPSec-AES-SHA1. Th...

Hello all, I need a virtual firewall/router solution. I''m thinking of a netscreen 1000 but I want to know if it can be done in Linux. Here is my idea: 1 Linux box 2 GigE interfaces 1 interface setup with a public IP address ($PUBIP) 1 interface setup with 802.1q VLAN trunking with 100 vlans assigned ($VLAN1-$VLAN100) a /25 subnet routed to $PUBIP from my core routers All $...

...2: ssh_connect: needpriv 0 debug1: Connecting to router [10.1.1.1] port 1024. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version NetScreen debug1: no match: NetScreen debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-he...

Hi All, Until now I've only used IAX2 to connect to ITSPs. I've been toying with a SIP connection to Gizmo Project, but not yet successfully. It brings to mind a question. At what point does it make sense to consider a SIP-aware firewall such as those from Ingate? I'd hate to move away from my m0n0wall, which is open source, easy to manage and has served me brilliantly for two

Hello, I switched from my PSTN provider to a voip provider. (Voicedata in the Netherlands) >From the moment i switched all inbound calls are terminated after aproximatly 1 minute. The provider tells me it's not their issue since I have no other configuration than all their other users. What can I do. I removed all asterisk functionality by forwarding the inboud call directly to a local

...IGNOREMSG }, { "^1\\.2\\.2[012]", SSH_BUG_IGNOREMSG }, + { "^1\\.2\\.2[3-9]", SSH_BUG_SERVERLIESSIZE }, + { "^1\\.2\\.3[0-1]", SSH_BUG_SERVERLIESSIZE }, { "^1\\.3\\.2", SSH_BUG_IGNOREMSG }, /* f-secure */ { "^SSH Compatible Server", /* Netscreen */ SSH_BUG_PASSWORDPAD }, --- sshconnect1.c.O Thu Jul 5 10:49:13 2001 +++ sshconnect1.c Thu Jul 5 10:49:28 2001 @@ -37,6 +37,7 @@ #include "packet.h" #include "mpaux.h" #include "uidswap.h" +#include "compat.h" #include "log.h" #include...

...he core dump landed in root's home directory in one of my jails. Has anyone seen this before? Should I be concerned? chkrootkit says nothing. (How trustworthy is its output? ;-) Thanks. Cheers. -- Ng Pheng Siong <ngps@netmemetic.com> http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog

...sr/share/logwatch/scripts/shared/removeservice 'inetd'| /usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice 'nfsd'| /usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice '/sbin/mingetty'| /usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice 'netscreen'| /usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice 'netscreen'| /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyhost ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/applystddate ''>/var/cache/logwatch/logwatch.sOga48bL/messages DEBUG: Inside Re...

I have Asterisk server providing phone service for my company. The server is behind a PIX-515 FW and is assigned a private address 192.168.11.X/24. With that said what is best to provide remote SIP phones (home offices) securely. If the solution is to put up another Asterisk server with a public IP address I am opposed to that. I am looking for the a secure reliable solution to set up remote SIP