
Page 1

Advanced Junos Security

12.b

Worldwide Education Services

1194 North Mathilda Avenue

Sunnyvale, CA 94089

USA

408-745-2000

www.juniper.net

Course Number: EDU-JUN-AJSEC

Lab Diagrams

Page 2

This document is produced by Juniper Networks, Inc.

This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education Services.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Advanced Junos Security Lab Diagrams, Revision 12.b

Copyright © 2013 Juniper Networks, Inc. All rights reserved.

Printed in USA.

Revision History:

Revision 10.a, March 2011

Revision 12.a, June 2012

Revision 12.b, June 2013

The information in this document is current as of the date listed above.

The information in this document has been carefully verified and is believed to be accurate for software Release 12.1X44-D10.4. Juniper Networks assumes no responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

YEAR 2000 NOTICE

Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE

The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.

Page 3

Management Network Diagram

[Diagram; legible labels: ge-0/0/0 (on all student devices); Student Workstations; Management Addressing for srxA-1, srxA-2, srxB-1, srxB-2, srxC-1, srxC-2, srxD-1, srxD-2, vr-device, Server, Gateway, Term Server; Note: Your instructor will provide address and access information.]

Page 5

Pod A Network Diagram: Implementing AppSecure Lab

[Diagram; legible labels: srxA-K (K = 1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; Trust Zone: VM Server 172.16.10.100; Untrust Zone: VM Client 172.16.1.100; VM Server's duties: FTP server, web server.]
Page 6

Pod A Network Diagram: Implementing Layer 2 Security Lab

[Diagram; legible labels: Host 172.31.15.1; Untrust Zone; srxA-1 lo0: 192.168.1.1; srxA-2; ge-0/0/2 (.50); ge-0/0/1 (.50); vlan.241 (.1) on 172.20.241.0/24; vlan.242 (.1) on 172.20.242.0/24; Virtual Routers Juniper-SV and Juniper-WF (.10).]
Page 7

Pod A Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram; legible labels: Host 172.31.15.1; Untrust Zone; srxA-1 ge-0/0/1 (.1) and srxA-2 ge-0/0/1 (.2) on 172.19.1.0/30; Interface ge-0/0/4; vlan.201; Virtual Routers: Juniper-SV 172.20.101.0/24 (.10), ACME-SV 172.20.201.0/24 (.10), Juniper-WF 172.20.102.0/24 (.10), ACME-WF 172.20.202.0/24 (.10).]
Page 8

Pod A Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram; legible labels: Host 172.31.15.1; srxA-1 with 10.0.1.0/24; srxA-2; Interface ge-0/0/4; vlan.101 172.20.101.0/24 (.10) Juniper-SV; vlan.102 (.1); vlan.202; Virtual Routers: Juniper-WF 172.20.102.0/24 (.10), ACME-WF 172.20.202.0/24 (.10).]
Page 9

Pod A Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram; legible labels: srxA-1; Juniper-SV (.10); Untrust Zone; ge-0/0/2 (.1) 10.0.1.0/24; vlan.201 ACME-SV; IPv6 Subnet Added; Untrust Zone; ge-0/0/2 (.129); srxA-2 (.1); vlan.202 172.20.202.0/24 (.10); Juniper-WF; ACME-WF.]
Page 10

Pod A Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram; legible labels: A-1 Spoke Hosts: Spoke 1 192.171.10.3, Spoke 2 192.171.10.4, Spoke 3 192.171.10.5; Spoke 1 A-1 st0: 10.10.10.3/24, lo0: 192.168.10.3; Spoke 2 A-1 st0: 10.10.10.4/24, lo0: 192.168.10.4; Spoke 3 A-1 st0: 10.10.10.5/24, lo0: 192.168.10.5; Non-Junos Device; srxA-1 st0: 10.10.10.1/24, lo0: 192.168.10.1; Local-VR 172.20.100.0/24 (.10). A-2 Spoke Hosts: Spoke 1 192.171.10.6, Spoke 2 192.171.10.7, Spoke 3 192.171.10.8; Spoke 1 A-2 st0: 10.10.10.6/24, lo0: 192.168.10.6; Spoke 2 A-2 st0: 10.10.10.7/24, lo0: 192.168.10.7; Spoke 3 A-2 st0: 10.10.10.8/24, lo0: 192.168.10.8; Non-Junos Device; srxA-2 st0: 10.10.10.2/24, lo0: 192.168.10.2; Local-VR 172.20.200.0/24 (.10).]
Page 11

Pod A Network Diagram: Configuring Group VPNs Lab

[Diagram; legible labels: srxA-1 lo0: 192.168.11.1; Key Server lo0: 192.168.11.3; srxA-2 lo0: 192.168.11.2; Interface ge-0/0/4; Virtual Routers: Juniper-SV 172.20.101.0/24 (.10), ACME-SV 172.20.201.0/24 (.10), Juniper-WF 172.20.102.0/24 (.10), ACME-WF 172.20.202.0/24 (.10).]
Page 12

Pod A Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram; legible labels: Local-VR 172.20.100.0/24 (.10); Untrust Zone; srxA-1: Acquired Zone, st0: 10.10.10.1/24, GRE: 11.11.11.1/30 (.1), lo0: 192.168.1.1; srxA-2: Acquired Zone, st0: 10.10.10.2/24, GRE: 11.11.11.2/30 (.1), lo0: 192.168.2.1; vlan.101, vlan.201, vlan.102, vlan.202; Interface ge-0/0/4; subnets 172.20.101.0/24, 172.20.201.0/24, 172.20.102.0/24, 172.20.202.0/24 (each .10); Virtual Routers Juniper-SV, Juniper-WF, ACME-WF.]
Page 13

Pod A Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram; legible labels: srxA-1; srxA-2; Interface ge-0/0/4; vlan.202; Virtual Routers: Juniper-SV 172.20.101.0/24 (.10), ACME-SV 172.20.201.0/24 (.10), Juniper-WF 172.20.102.0/24 (.10), ACME-WF 172.20.202.0/24 (.10).]

Page 15

Pod B Network Diagram: Implementing AppSecure Lab

[Diagram; legible labels: srxB-K (K = 1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; Trust Zone: VM Server 172.16.10.100; Untrust Zone: VM Client 172.16.1.100; VM Server's duties: FTP server, web server.]
Page 16

Pod B Network Diagram: Implementing Layer 2 Security Lab

[Diagram; legible labels: Host 172.31.15.1; Untrust Zone; srxB-1 lo0: 192.168.1.1, ge-0/0/2 (.50), vlan.243 (.1) on 172.20.243.0/24; srxB-2 lo0: 192.168.2.1, ge-0/0/1 (.50), vlan.244 (.1) on 172.20.244.0/24; Virtual Routers Juniper-SV and Juniper-WF (.10).]
Page 17

Pod B Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram; legible labels: Host 172.31.15.1; Untrust Zone; srxB-1 ge-0/0/1 (.1) and srxB-2 ge-0/0/1 (.2) on 172.19.1.0/30; Interface ge-0/0/4; vlan.103; Virtual Routers: Juniper-SV 172.20.103.0/24 (.10), ACME-SV 172.20.203.0/24 (.10), Juniper-WF 172.20.104.0/24 (.10), ACME-WF 172.20.204.0/24 (.10).]
Page 18

Pod B Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram; legible labels: Host 172.31.15.1; srxB-1 with 10.0.1.0/24; srxB-2; Public-Facing Zone; vlan.103 (.1), vlan.203, vlan.104 (.1), vlan.204; Interface ge-0/0/4; subnets 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24 (each .10); Virtual Routers Juniper-SV, Juniper-WF, ACME-WF.]
Page 19

Pod B Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram; legible labels: srxB-1; Untrust Zone; ge-0/0/2 (.1) 10.0.1.0/24; vlan.203; IPv6 Subnet Added; Untrust Zone; ge-0/0/2 (.129); srxB-2; vlan.204 (.10); Virtual Routers Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]
Page 20

Pod B Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram; legible labels: B-1 Spoke Hosts: Spoke 1 192.171.20.3, Spoke 2 192.171.20.4, Spoke 3 192.171.20.5; Spoke 1 B-1 st0: 10.10.20.3/24, lo0: 192.168.20.3; Spoke 2 B-1 st0: 10.10.20.4/24, lo0: 192.168.20.4; Spoke 3 B-1 st0: 10.10.20.5/24, lo0: 192.168.20.5; Non-Junos Device; srxB-1 st0: 10.10.20.1/24, lo0: 192.168.20.1; Local-VR 172.20.100.0/24 (.10). B-2 Spoke Hosts: Spoke 1 192.171.20.6, Spoke 2 192.171.20.7, Spoke 3 192.171.20.8; Spoke 1 B-2 st0: 10.10.20.6/24, lo0: 192.168.20.6; Non-Junos Device; srxB-2 st0: 10.10.20.2/24, lo0: 192.168.20.2; Local-VR 172.20.200.0/24 (.10).]
Page 21

Pod B Network Diagram: Configuring Group VPNs Lab

[Diagram; legible labels: srxB-1 lo0: 192.168.21.1; Key Server lo0: 192.168.21.3; srxB-2 lo0: 192.168.21.2; vlan.103; Interface ge-0/0/4; vr104; subnets 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24 (each .10); Virtual Routers Juniper-SV, Juniper-WF, ACME-WF.]
Page 22

Pod B Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram; legible labels: Local-VR 172.20.100.0/24 (.10); Untrust Zone; srxB-1: Acquired Zone, st0: 10.10.20.1/24, GRE: 11.11.21.1/30 (.1), lo0: 192.168.1.1; srxB-2: Acquired Zone, st0: 10.10.20.2/24, GRE: 11.11.21.2/30 (.1), lo0: 192.168.2.1; vlan.103 (.1), vlan.203, vlan.104 (.1), vlan.204; Interface ge-0/0/4; subnets 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24 (each .10); Virtual Routers Juniper-SV, ACME-SV.]
Page 23

Pod B Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram; legible labels: srxB-1; srxB-2; vlan.103; Interface ge-0/0/4; subnets 172.20.103.0/24, 172.20.203.0/24, 172.20.104.0/24, 172.20.204.0/24 (each .10); Virtual Routers Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Page 25

Pod C Network Diagram: Implementing AppSecure Lab

[Diagram; legible labels: srxC-K (K = 1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; Trust Zone: VM Server 172.16.10.100; Untrust Zone: VM Client 172.16.1.100; VM Server's duties: FTP server, web server.]
Page 26

Pod C Network Diagram: Implementing Layer 2 Security Lab

[Diagram; legible labels: Host 172.31.15.1; Untrust Zone; srxC-1 lo0: 192.168.1.1, ge-0/0/2 (.50), vlan.245 (.1) on 172.20.245.0/24; srxC-2 lo0: 192.168.2.1, ge-0/0/1 (.50), vlan.246 on 172.20.246.0/24; Virtual Routers Juniper-SV and Juniper-WF (.10).]
Page 27

Pod C Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram; legible labels: Host 172.31.15.1; Internet; Untrust Zone; srxC-1 ge-0/0/1 (.1) and srxC-2 ge-0/0/1 (.2) on 172.19.1.0/30; Interface ge-0/0/4; vlan.105, vlan.106 (.1), vlan.206; Virtual Routers: Juniper-SV 172.20.105.0/24 (.10), ACME-SV 172.20.205.0/24 (.10), Juniper-WF 172.20.106.0/24 (.10), ACME-WF 172.20.206.0/24 (.10).]
Page 28

Pod C Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram; legible labels: Host 172.31.15.1; srxC-1 ge-0/0/2 10.0.1.0/24; Public-Facing Zone; vlan.105 (.1), vlan.205, vlan.106; Interface ge-0/0/4; subnets 172.20.105.0/24, 172.20.205.0/24, 172.20.106.0/24, 172.20.206.0/24 (each .10); Virtual Routers Juniper-SV, Juniper-WF, ACME-WF.]
Page 29

Pod C Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram; legible labels: srxC-1; Juniper-SV; Untrust Zone; ge-0/0/2 (.1) 10.0.1.0/24; vlan.205 ACME-SV; IPv6 Subnet Added; Untrust Zone; ge-0/0/2 (.129); srxC-2 (.1); vlan.206 172.20.206.0/24 (.10); Juniper-WF; ACME-WF.]
Page 30

Pod C Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram; legible labels: C-1 Spoke Hosts: Spoke 1 192.171.30.3, Spoke 2 192.171.30.4, Spoke 3 192.171.30.5; Spoke 1 C-1 st0: 10.10.30.3/24, lo0: 192.168.30.3; Spoke 2 C-1 st0: 10.10.30.4/24, lo0: 192.168.30.4; Spoke 3 C-1 st0: 10.10.30.5/24, lo0: 192.168.30.5; Non-Junos Device; srxC-1 st0: 10.10.30.1/24, lo0: 192.168.30.1; Local-VR 172.20.100.0/24 (.10). C-2 Spoke Hosts: Spoke 1 192.171.30.6, Spoke 2 192.171.30.7, Spoke 3 192.171.30.8; Spoke 1 C-2 st0: 10.10.30.6/24, lo0: 192.168.30.6; Spoke 2 C-2 st0: 10.10.30.7/24, lo0: 192.168.30.7; Spoke 3 C-2 st0: 10.10.30.8/24, lo0: 192.168.30.8; Non-Junos Device; srxC-2 st0: 10.10.30.2/24, lo0: 192.168.30.2; Local-VR 172.20.200.0/24 (.10).]
Page 31

Pod C Network Diagram: Configuring Group VPNs Lab

[Diagram; legible labels: srxC-1 lo0: 192.168.31.1; Key Server lo0: 192.168.31.3; srxC-2 lo0: 192.168.31.2; vlan.105; vlan.206 (.1); Interface ge-0/0/4; Virtual Routers: Juniper-SV 172.20.105.0/24 (.10), ACME-SV 172.20.205.0/24 (.10), Juniper-WF 172.20.106.0/24 (.10), ACME-WF 172.20.206.0/24 (.10).]
Page 32

Pod C Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram; legible labels: Local-VR 172.20.100.0/24 (.10); Untrust Zone; srxC-1: Acquired Zone, st0: 10.10.30.1/24, GRE: 11.11.31.1/30 (.1), lo0: 192.168.1.1; srxC-2: Acquired Zone, st0: 10.10.30.2/24, GRE: 11.11.31.2/30 (.1), lo0: 192.168.2.1; vlan.105, vlan.205, vlan.106 (.1), vlan.206; Interface ge-0/0/4; vr106; subnets 172.20.105.0/24, 172.20.205.0/24, 172.20.106.0/24, 172.20.206.0/24 (each .10); Virtual Routers Juniper-SV, Juniper-WF, ACME-WF.]
Page 33

Pod C Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram; legible labels: Interface ge-0/0/4; vlan.206; subnets 172.20.106.0/24 and 172.20.206.0/24 (each .10); Virtual Routers Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]

Page 35

Pod D Network Diagram: Implementing AppSecure Lab

[Diagram; legible labels: srxD-K (K = 1 or 2); ge-0/0/8 172.16.1.1/24; ge-0/0/9 172.16.10.1/24; Trust Zone: VM Server 172.16.10.100; Untrust Zone: VM Client 172.16.1.100; VM Server's duties: FTP server, web server.]
Page 36

Pod D Network Diagram: Implementing Layer 2 Security Lab

[Diagram; legible labels: Host 172.31.15.1; Untrust Zone; srxD-1 lo0: 192.168.1.1, ge-0/0/2 (.50), vlan.247 (.1) on 172.20.247.0/24; srxD-2 lo0: 192.168.2.1, ge-0/0/1 (.50), vlan.248 (.1) on 172.20.248.0/24; Virtual Routers Juniper-SV and Juniper-WF (.10).]
Page 37

Pod D Network Diagram: Implementing Junos Virtual Routing Lab

[Diagram; legible labels: Host 172.31.15.1; Untrust Zone; srxD-1 ge-0/0/1 (.1) and srxD-2 ge-0/0/1 (.2) on 172.19.1.0/30; Interface ge-0/0/4; vlan.107; Virtual Routers: Juniper-SV 172.20.107.0/24 (.10), ACME-SV 172.20.207.0/24 (.10), Juniper-WF 172.20.108.0/24 (.10), ACME-WF 172.20.208.0/24 (.10).]
Page 38

Pod D Network Diagram: Advanced NAT Implementations Lab (Parts 1-3)

[Diagram; legible labels: Host 172.31.15.1; srxD-1 with 10.0.1.0/24; srxD-2; Public-Facing Zone; vlan.107 (.1), vlan.207, vlan.108 (.1), vlan.208; Interface ge-0/0/4; vr207, vr108, vr208; subnets 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24 (each .10); Virtual Routers Juniper-SV, Juniper-WF, ACME-WF.]
Page 39

Pod D Network Diagram: Advanced NAT Implementations Lab (Parts 4-5)

[Diagram; legible labels: srxD-1; Juniper-SV (.10); Untrust Zone; ge-0/0/2 (.1) 10.0.1.0/24; vlan.207; IPv6 Subnet Added; ACME-SV; Untrust Zone; ge-0/0/2 (.129); srxD-2 vlan.208 (.1); 172.20.208.0/24 (.10); Juniper-WF; ACME-WF.]
Page 40

Pod D Network Diagram: Hub-and-Spoke IPsec VPNs Lab

[Diagram; legible labels: D-1 Spoke Hosts: Spoke 1 192.171.40.3, Spoke 2 192.171.40.4, Spoke 3 192.171.40.5; Spoke 1 D-1 st0: 10.10.40.3/24, lo0: 192.168.40.3; Spoke 2 D-1 st0: 10.10.40.4/24, lo0: 192.168.40.4; Spoke 3 D-1 st0: 10.10.40.5/24, lo0: 192.168.40.5; Non-Junos Device; srxD-1 st0: 10.10.40.1/24, lo0: 192.168.40.1; Local-VR 172.20.100.0/24 (.10). D-2 Spoke Hosts: Spoke 1 192.171.40.6, Spoke 2 192.171.40.7, Spoke 3 192.171.40.8; Spoke 1 D-2 st0: 10.10.40.6/24, lo0: 192.168.40.6; Spoke 2 D-2 st0: 10.10.40.7/24, lo0: 192.168.40.7; Spoke 3 D-2 st0: 10.10.40.8/24, lo0: 192.168.40.8; Non-Junos Device; srxD-2 st0: 10.10.40.2/24, lo0: 192.168.40.2; Local-VR 172.20.200.0/24 (.10).]
Page 41

Pod D Network Diagram: Configuring Group VPNs Lab

[Diagram; legible labels: srxD-1 lo0: 192.168.41.1; Key Server lo0: 192.168.41.3; srxD-2 lo0: 192.168.41.2; vlan.107; Interface ge-0/0/4; Virtual Routers: Juniper-SV 172.20.107.0/24 (.10), ACME-SV 172.20.207.0/24 (.10), Juniper-WF 172.20.108.0/24 (.10), ACME-WF 172.20.208.0/24 (.10).]
Page 42

Pod D Network Diagram: Implementing Advanced IPsec VPN Solutions Lab

[Diagram; legible labels: Local-VR 172.20.100.0/24 (.10); Untrust Zone; srxD-1: Acquired Zone, st0: 10.10.40.1/24, GRE: 11.11.41.1/30, lo0: 192.168.1.1; srxD-2: Acquired Zone, st0: 10.10.40.2/24, GRE: 11.11.41.2/30, lo0: 192.168.2.1; vlan.107 (.1), vlan.207, vlan.108 (.1), vlan.208; Interface ge-0/0/4; vr207; subnets 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24 (each .10); Virtual Routers Juniper-SV, Juniper-WF, ACME-WF.]
Page 43

Pod D Network Diagram: Performing Security Troubleshooting Techniques Lab

[Diagram; legible labels: srxD-1; srxD-2; vlan.107; Interface ge-0/0/4; subnets 172.20.107.0/24, 172.20.207.0/24, 172.20.108.0/24, 172.20.208.0/24 (each .10); Virtual Routers Juniper-SV, ACME-SV, Juniper-WF, ACME-WF.]