APPLICATION NOTE

CONFIGURING THE CX111 FOR THE SSG SERIES

How to Configure the SSG Series for 3G Wireless WAN Termination Using the CX111 Cellular Broadband Data Bridge

Copyright © 2010, Juniper Networks, Inc.
Table of Contents

Introduction
Scope
Introduction

Enterprise branches need WAN resiliency to provide uninterrupted service to their customers and employees alike. This has direct implications for revenue and operational costs.
Description and Deployment Scenario

The CX111 ships with a default configuration that should accommodate most deployment scenarios. The deployment model assumes that the CX111 is connected to a DHCP-enabled interface.

[Figure: Deployment. Labels: 192.168.1.0/24 Trust Zone, SSG Series, CX111, INTERNET, OFFICE]

The CX111 acts as a DHCP server and relays the public address obtained from the 3G network to the SSG Series.
Power over Ethernet

When available, Power over Ethernet (PoE) can be used to power the bridge. In the event that the bridge is connected through a switch or a gateway that does not support PoE, an external power supply can be used (provided with the basic install kit). When PoE is used, the device will require 4 W to 10 W of power depending on how many modems are connected, so plan the power budget accordingly.
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set interface "ethernet0/0" zone "Untrust"
set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
set interface bgroup0 port ethernet0/6
set interface ethernet0/0 dhcp client enable
set interface ethernet0/0 dhcp client settings updat
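The listing above binds the DHCP-client interface that faces the CX111 to the Untrust zone and keeps it out of bgroup0. The following check is an added example, not part of the original application note: it verifies that property in a saved configuration. The names `parse`, `audit` and `wan_zone` are hypothetical, and the rule that the CX111-facing interface belongs in Untrust is an assumption taken from the listing's own zone binding.

```python
import re

# Constructed sample: complete commands from the listing above, shortened to
# two bgroup0 ports (the final, truncated line is left out).
SAMPLE_CONFIG = '''
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set interface "ethernet0/0" zone "Untrust"
set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface ethernet0/0 dhcp client enable
'''

IFACE_RE = re.compile(r'^set interface "?([\w/.]+)"?\s+(.*)$')

def parse(config):
    """Return (zone per interface, bgroup per member port, DHCP-client interfaces)."""
    zones, members, dhcp = {}, {}, set()
    for raw in config.splitlines():
        # Text copied from a PDF often carries curly quotes; normalise them.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = IFACE_RE.match(line)
        if not m:
            continue
        iface, rest = m.group(1), m.group(2).split()
        if rest[0] == "zone" and len(rest) >= 2:
            zones[iface] = rest[1].strip('"')
        elif rest[0] == "port" and len(rest) >= 2:
            members[rest[1]] = iface  # member port -> bridge group
        elif rest[:3] == ["dhcp", "client", "enable"]:
            dhcp.add(iface)
    return zones, members, dhcp

def audit(config, wan_zone="Untrust"):
    """List findings about the DHCP-client (CX111-facing) interfaces."""
    zones, members, dhcp = parse(config)
    findings = []
    if not dhcp:
        findings.append("no interface has the DHCP client enabled")
    for iface in sorted(dhcp):
        zone = zones.get(iface)
        if iface in members:
            findings.append(f"{iface} is a port of {members[iface]} (bridged)")
        elif zone is None:
            findings.append(f"{iface} has no zone binding in this config")
        elif zone != wan_zone:
            findings.append(f"{iface} is a DHCP client but is bound to zone {zone}")
    return findings
```

`audit(SAMPLE_CONFIG)` returns an empty list; rebinding ethernet0/0 to "Trust" or adding it as a bgroup0 port produces one finding each.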
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone id 100 "Management"
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/0.
[Figure: Backup Scenario. Labels: TRACK-IP (monitored server used to test the primary link), 198.0.0.1, INTERNET, CX111, SSG Series (e0/0, e0/1), 192.168.1.0/24 Trust Zone, OFFICE]

e0/0 is used as the primary link (static public IP). e0/1 connects to the CX111 (DHCP) and is used as a backup.
set route 0.0.0.0/0 gateway 198.1.1.2
set policy id 6 name "Management Access" from "Trust" to "Management" "Any" "Any" "HTTP" nat src permit log
exit
set policy id 3 name "Any Permit" from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit log count
exit

The probe status can be obtained from the "get interface monitor" command.

SSG5-> get interface ethernet0/0 monitor track-ip
ip address intval threshold wei gateway fail-count success
198.0.
Summary

As more and more wireless carriers expand their coverage and upgrade their networks to offer 3G wireless data services, enterprises worldwide can look to use 3G as a backup connectivity solution for many deployments and in some cases, even use 3G wireless as primary data access. Juniper Networks SSG Series Secure Services Gateways provide best-in-class security and routing with flexible LAN and WAN options.