
Advanced Junos Security

12.b

Lab Diagrams

Worldwide Education Services

1194 North Mathilda Avenue


Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net

Course Number: EDU-JUN-AJSEC


This document is produced by Juniper Networks, Inc.
This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks
Education Services.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their respective owners.
Advanced Junos Security Lab Diagrams, Revision 12.b
Copyright © 2013 Juniper Networks, Inc. All rights reserved.
Printed in USA.
Revision History:
Revision 10.a - March 2011
Revision 12.a - June 2012
Revision 12.b - June 2013
The information in this document is current as of the date listed above.
The information in this document has been carefully verified and is believed to be accurate for software Release 12.1X44-D10.4. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary,
incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.

Management Network Diagram

[Diagram not reproduced. Labels: Student Workstations; Server; ge-0/0/0 (on all student devices).]

Management Addressing (fields left blank in the original): srxA-1, srxA-2, srxB-1, srxB-2, srxC-1, srxC-2, srxD-1, srxD-2, vr-device, Server, Gateway, Term Server

Note: Your instructor will provide address and access information.

Pod A Network Diagram: Implementing AppSecure Lab

[Diagram not reproduced. Labels: VM Client 172.16.1.100 (Untrust Zone); srxA-K, where K = pod (1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; VM Server 172.16.10.100 (Trust Zone); VM Server's Duties: FTP Server, Web Server.]

Pod A Network Diagram: Implementing Layer 2 Security Lab

[Diagram not reproduced. Labels: Host 172.31.15.1; Untrust Zone; lo0: 192.168.1.1; vlan.241 (.1), 172.20.241.0/24, ge-0/0/1 (.50); ge-0/0/2 (.50), 172.20.242.0/24; hosts (.10) on 172.20.241.0/24 and 172.20.242.0/24; Virtual Routers: Juniper-SV, Juniper-WF. The SRX device labels are illegible.]


Pod A Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram not reproduced. Labels: Host 172.31.15.1; Untrust Zone; srxA-1 (.1) ge-0/0/1, 172.19.1.0/30, ge-0/0/1 (.2) srxA-2; vlan.201; Interface ge-0/0/4; 172.20.101.0/24, 172.20.201.0/24, 172.20.102.0/24, 172.20.202.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod A Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram not reproduced. Labels: Host 172.31.15.1; srxA-1, 10.0.1.0/24, srxA-2; vlan.101, vlan.102, vlan.202; Interface ge-0/0/4; 172.20.101.0/24, 172.20.102.0/24, 172.20.202.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]

Pod A Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram not reproduced. Labels: Untrust Zone (two); srxA-1 (.1) ge-0/0/2, 10.0.1.0/24, ge-0/0/2 (.129) srxA-2; vlan.201, vlan.202; 172.20.202.0/24; IPv6 Subnet Added; hosts at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]


Pod A Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram not reproduced. Recoverable addressing follows.]

A-1 Spoke Hosts: Spoke1 192.171.10.3, Spoke2 192.171.10.4, Spoke3 192.171.10.5
A-2 Spoke Hosts: Spoke1 192.171.10.6, Spoke2 192.171.10.7, Spoke3 192.171.10.8

Spoke1 A-1: st0: 10.10.10.3/24, lo0: 192.168.10.3
Spoke2 A-1: st0: 10.10.10.4/24, lo0: 192.168.10.4
Spoke3 A-1: st0: 10.10.10.5/24, lo0: 192.168.10.5
Spoke1 A-2: st0: 10.10.10.6/24, lo0: 192.168.10.6
Spoke2 A-2: st0: 10.10.10.7/24, lo0: 192.168.10.7
Spoke3 A-2: st0: 10.10.10.8/24, lo0: 192.168.10.8

srxA-1: st0: 10.10.10.1/24, lo0: 192.168.10.1
srxA-2: st0: 10.10.10.2/24, lo0: 192.168.10.2

Other labels: Non-Junos Device (two); Local-VR; 172.20.100.0/24 and 172.20.200.0/24 with (.1) and (.10) host markers.

Pod A Network Diagram: Configuring Group VPNs Lab

[Diagram not reproduced. Labels: Key Server lo0: 192.168.11.3; srxA-1 lo0: 192.168.11.1; srxA-2 lo0: 192.168.11.2; Interface ge-0/0/4; 172.20.101.0/24, 172.20.201.0/24, 172.20.102.0/24, 172.20.202.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod A Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram not reproduced. Labels: Local-VR (two), each on 172.20.100.0/24 with a host at (.10); Untrust Zone; Acquired Zone (two); srxA-1: st0: 10.10.10.1/24, GRE: 11.11.11.1/30, lo0: 192.168.1.1; srxA-2: st0: 10.10.10.2/24, GRE: 11.11.11.2/30, lo0: 192.168.2.1; vlan.101, vlan.201, vlan.102, vlan.202; Interface ge-0/0/4; 172.20.101.0/24, 172.20.201.0/24, 172.20.102.0/24, 172.20.202.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]

Pod A Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram not reproduced. Labels: srxA-1, srxA-2; vlan.202; Interface ge-0/0/4; 172.20.101.0/24, 172.20.201.0/24, 172.20.102.0/24, 172.20.202.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod B Network Diagram: Implementing AppSecure Lab

[Diagram not reproduced. Labels: VM Client 172.16.1.100 (Untrust Zone); srxB-K, where K = pod (1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; VM Server 172.16.10.100 (Trust Zone); VM Server's Duties: FTP Server, Web Server.]

Pod B Network Diagram: Implementing Layer 2 Security Lab

[Diagram not reproduced. Labels: Host 172.31.15.1; Untrust Zone; srxB-1 lo0: 192.168.1.1; srxB-2 lo0: 192.168.2.1; vlan.243, 172.20.243.0/24, ge-0/0/1 (.50); ge-0/0/2 (.50), 172.20.244.0/24, vlan.244; hosts (.10) on 172.20.243.0/24 and 172.20.244.0/24; Virtual Routers: Juniper-SV, Juniper-WF.]

Pod B Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram not reproduced. Labels: Host 172.31.15.1; Untrust Zone (two); srxB-1 (.1) ge-0/0/1, 172.19.1.0/30, ge-0/0/1 (.2) srxB-2; vlan.103; Interface ge-0/0/4; 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod B Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram not reproduced. Labels: Host 172.31.15.1; srxB-1, 10.0.1.0/24, srxB-2; Public-Facing Zone; vlan.103, vlan.203 (.1), vlan.104, vlan.204 (.1); Interface ge-0/0/4; 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]

Pod B Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram not reproduced. Labels: Untrust Zone (two); srxB-1 (.1) ge-0/0/2, 10.0.1.0/24, ge-0/0/2 (.129) srxB-2; vlan.203, vlan.204; IPv6 Subnet Added; host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]


Pod B Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram not reproduced. Recoverable addressing follows.]

B-1 Spoke Hosts: Spoke1 192.171.20.3, Spoke2 192.171.20.4, Spoke3 192.171.20.5
B-2 Spoke Hosts: Spoke1 192.171.20.6, Spoke2 192.171.20.7, Spoke3 192.171.20.8

Spoke1 B-1: st0: 10.10.20.3/24, lo0: 192.168.20.3
Spoke2 B-1: st0: 10.10.20.4/24, lo0: 192.168.20.4
Spoke3 B-1: st0: 10.10.20.5/24, lo0: 192.168.20.5
Spoke1 B-2: st0: 10.10.20.6/24, lo0: 192.168.20.6

srxB-1: st0: 10.10.20.1/24, lo0: 192.168.20.1
srxB-2: st0: 10.10.20.2/24, lo0: 192.168.20.2

Other labels: Non-Junos Device (two); 172.20.100.0/24 and 172.20.200.0/24 with (.1) and (.10) host markers.

Pod B Network Diagram: Configuring Group VPNs Lab

[Diagram not reproduced. Labels: Key Server lo0: 192.168.21.3; srxB-1 lo0: 192.168.21.1; srxB-2 lo0: 192.168.21.2; vlan.103; Interface ge-0/0/4; 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24, with hosts at (.10); vr104; Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]

Pod B Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram not reproduced. Labels: Local-VR; 172.20.100.0/24 (two) with a host at (.10); Untrust Zone; Acquired Zone (two); srxB-1: st0: 10.10.20.1/24, GRE: 11.11.21.1/30, lo0: 192.168.1.1; srxB-2: st0: 10.10.20.2/24, GRE: 11.11.21.2/30, lo0: 192.168.2.1; vlan.103, vlan.203 (.1), vlan.104, vlan.204 (.1); Interface ge-0/0/4; 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV.]

Pod B Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram not reproduced. Labels: srxB-1, srxB-2; vlan.103; Interface ge-0/0/4; 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod C Network Diagram: Implementing AppSecure Lab

[Diagram not reproduced. Labels: VM Client 172.16.1.100 (Untrust Zone); srxC-K, where K = pod (1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; VM Server 172.16.10.100 (Trust Zone); VM Server's Duties: FTP Server, Web Server.]

Pod C Network Diagram: Implementing Layer 2 Security Lab

[Diagram not reproduced. Labels: Host 172.31.15.1; Untrust Zone; srxC-1 lo0: 192.168.1.1; srxC-2 lo0: 192.168.2.1; vlan.245 (.1), 172.20.245.0/24, ge-0/0/1 (.50); ge-0/0/2 (.50), 172.20.246.0/24, vlan.246; host at (.10); Virtual Routers: Juniper-SV, Juniper-WF.]

Pod C Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram not reproduced. Labels: Internet; Host 172.31.15.1; Untrust Zone; srxC-1 (.1) ge-0/0/1, 172.19.1.0/30, ge-0/0/1 (.2) srxC-2; vlan.105, vlan.106, vlan.206; Interface ge-0/0/4; 172.20.105.0/24, 172.20.205.0/24, 172.20.106.0/24, 172.20.206.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod C Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram not reproduced. Labels: Host 172.31.15.1; srxC-1; 10.0.1.0/24; Public-Facing Zone; vlan.105, vlan.205 (.1), vlan.106; Interface ge-0/0/4; 172.20.105.0/24, 172.20.205.0/24, 172.20.106.0/24, 172.20.206.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]

Pod C Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram not reproduced. Labels: Untrust Zone (two); srxC-1 (.1) ge-0/0/2, 10.0.1.0/24, ge-0/0/2 (.129) srxC-2; vlan.205; 172.20.206.0/24; IPv6 Subnet Added; host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]


Pod C Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram not reproduced. Recoverable addressing follows.]

C-1 Spoke Hosts: Spoke1 192.171.30.3, Spoke2 192.171.30.4, Spoke3 192.171.30.5
C-2 Spoke Hosts: Spoke1 192.171.30.6, Spoke2 192.171.30.7, Spoke3 192.171.30.8

Spoke1 C-1: st0: 10.10.30.3/24, lo0: 192.168.30.3
Spoke2 C-1: st0: 10.10.30.4/24, lo0: 192.168.30.4
Spoke3 C-1: st0: 10.10.30.5/24, lo0: 192.168.30.5
Spoke1 C-2: st0: 10.10.30.6/24, lo0: 192.168.30.6
Spoke2 C-2: st0: 10.10.30.7/24, lo0: 192.168.30.7
Spoke3 C-2: st0: 10.10.30.8/24, lo0: 192.168.30.8

srxC-1: st0: 10.10.30.1/24, lo0: 192.168.30.1
srxC-2: st0: 10.10.30.2/24, lo0: 192.168.30.2

Other labels: Non-Junos Device (two); 172.20.100.0/24 and 172.20.200.0/24 with (.1) and (.10) host markers.

Pod C Network Diagram: Configuring Group VPNs Lab

[Diagram not reproduced. Labels: Key Server lo0: 192.168.31.3; srxC-1 lo0: 192.168.31.1; srxC-2 lo0: 192.168.31.2; vlan.105, vlan.206 (.1); Interface ge-0/0/4; 172.20.105.0/24, 172.20.205.0/24, 172.20.106.0/24, 172.20.206.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]


Pod C Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram not reproduced. Labels: Local-VR (two), each on 172.20.100.0/24 with a host at (.10); Untrust Zone; Acquired Zone (two); srxC-1: st0: 10.10.30.1/24, GRE: 11.11.31.1/30, lo0: 192.168.1.1; srxC-2: st0: 10.10.30.2/24, GRE: 11.11.31.2/30, lo0: 192.168.2.1; vlan.105, vlan.205, vlan.106, vlan.206 (.1); Interface ge-0/0/4; 172.20.105.0/24, 172.20.205.0/24, 172.20.106.0/24, 172.20.206.0/24, each with a host at (.10); vr106; Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]

Pod C Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram not reproduced. Labels: Interface ge-0/0/4; 172.20.106.0/24 and 172.20.206.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF. The SRX device and VLAN labels are illegible.]

Pod D Network Diagram: Implementing AppSecure Lab

[Diagram not reproduced. Labels: VM Client 172.16.1.100 (Untrust Zone); srxD-K, where K = pod (1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; VM Server 172.16.10.100 (Trust Zone); VM Server's Duties: FTP Server, Web Server.]

Pod D Network Diagram: Implementing Layer 2 Security Lab

[Diagram not reproduced. Labels: Host 172.31.15.1; Untrust Zone; srxD-1 lo0: 192.168.1.1; srxD-2 lo0: 192.168.2.1; 172.20.247.0/24, ge-0/0/1 (.50); ge-0/0/2 (.50), 172.20.248.0/24, vlan.248; vlan.247 (.1); hosts (.10) on 172.20.247.0/24 and 172.20.248.0/24; Virtual Routers: Juniper-SV, Juniper-WF.]

Pod D Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram not reproduced. Labels: Host 172.31.15.1; Untrust Zone; srxD-1 (.1) ge-0/0/1, 172.19.1.0/30, ge-0/0/1 (.2) srxD-2; vlan.107; Interface ge-0/0/4; 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod D Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram not reproduced. Labels: Host 172.31.15.1; srxD-1, 10.0.1.0/24, srxD-2; Public-Facing Zone; vlan.107, vlan.207 (.1), vlan.108, vlan.208 (.1); Interface ge-0/0/4; 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24, with hosts at (.10); vr108, vr208; Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]

Pod D Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram not reproduced. Labels: Untrust Zone (two); srxD-1 (.1) ge-0/0/2, 10.0.1.0/24, ge-0/0/2 (.129) srxD-2; vlan.207, vlan.208; 172.20.208.0/24; IPv6 Subnet Added; hosts at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]


Pod D Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram not reproduced. Recoverable addressing follows.]

D-1 Spoke Hosts: Spoke1 192.171.40.3, Spoke2 192.171.40.4, Spoke3 192.171.40.5
D-2 Spoke Hosts: Spoke1 192.171.40.6, Spoke2 192.171.40.7, Spoke3 192.171.40.8

Spoke1 D-1: st0: 10.10.40.3/24, lo0: 192.168.40.3
Spoke2 D-1: st0: 10.10.40.4/24, lo0: 192.168.40.4
Spoke3 D-1: st0: 10.10.40.5/24, lo0: 192.168.40.5
Spoke1 D-2: st0: 10.10.40.6/24, lo0: 192.168.40.6
Spoke2 D-2: st0: 10.10.40.7/24, lo0: 192.168.40.7
Spoke3 D-2: st0: 10.10.40.8/24, lo0: 192.168.40.8

srxD-1: st0: 10.10.40.1/24, lo0: 192.168.40.1
srxD-2: st0: 10.10.40.2/24, lo0: 192.168.40.2

Other labels: Non-Junos Device (two); 172.20.100.0/24 and 172.20.200.0/24 with (.1) and (.10) host markers.

Pod D Network Diagram: Configuring Group VPNs Lab

[Diagram not reproduced. Labels: Key Server lo0: 192.168.41.3; srxD-1 lo0: 192.168.41.1; srxD-2 lo0: 192.168.41.2; vlan.107; Interface ge-0/0/4; 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Pod D Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram not reproduced. Labels: Local-VR (two), each on 172.20.100.0/24 with a host at (.10); Untrust Zone; Acquired Zone (two); srxD-1: st0: 10.10.40.1/24, GRE: 11.11.41.1/30, lo0: 192.168.1.1; srxD-2: st0: 10.10.40.2/24, GRE: 11.11.41.2/30, lo0: 192.168.2.1; vlan.107, vlan.207 (.1), vlan.108, vlan.208 (.1); Interface ge-0/0/4; 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24, each with a host at (.10); vr207; Virtual Routers: Juniper-SV, Juniper-WF, ACME-WF.]


Pod D Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram not reproduced. Labels: srxD-1, srxD-2; vlan.107; Interface ge-0/0/4; 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24, each with a host at (.10); Virtual Routers: Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]
