1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Need help with a complex network setup

Discussion in 'Networking' started by Garlicbreath, Nov 2, 2011.

Thread Status:
Not open for further replies.
  1. Garlicbreath

    Garlicbreath Thread Starter

    Nov 2, 2011
    Hi Everyone!
    I am new to this forum, finally gave up and decided I need to ask for some help from some people with way more knowledge than I have.

    Here is my dilemma.
    I am not good at getting all the equipment to play nice together.

    Here's the sequence, and how I assume is the best way to set this up.
    I could be WAY off base so I made a diagram of the equipment and the ports.

    Seimens Gigaset SE567 DSL modem
    Juniper SSG-5
    Trendnet POE switch into Juniper
    Netgear into juniper
    Axis PoE megapixel cameras into Trendnet PoE switch
    Trendnet AP into juniper
    Rackable server into Netgear router

    Here is what I want to do.
    And if I need another PoE switch let me know, I am kind of leaning that way.

    I have a network of IP cameras that are PoE
    The rackable server runs WinXP SP3 and the dvr/nvr software to record the cameras.
    The trendnet AP will provide internet access to tenants in the building. It would be nice for them to be able to see the cameras real time but NOT have access to the server.
    I want 2 networks, one for the tenants, and one internal for me, the server, and my personal NAS.

    I want to be able to VPN into the server to monitor the property from another location.
    I don't know if I need the netgear VPN if I have the Juniper, you don't need vpn equipment on both ends do you?

  2. Garlicbreath

    Garlicbreath Thread Starter

    Nov 2, 2011
    What do I do about dhcp?
    Do I want to do static ips?
    Do I turn off dhcp for all devices but one? IE let the juniper dish out ip's?

    Any help would be GREATLY appreciated.

    On another note I did setup DynDns and have it working on the dsl modem, and I can log onto it from the internet, but I don't understand how to get through it to the juniper or the netgear router.
  3. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Mar 30, 2008
    I don't know much about the SSG line from Juniper. I do know it's from their NetScreen acquisition and ScreenOS is from this acquisition. Juniper has developed their own line of security appliances called SRX. If the SSGs are anything like the SRXs, then Juniper won't provide support nor do they have a VPN client to connect to it. The guidance I have received on SRX is that if you need VPN client access that you'll need to use 3rd party software to do it. Support for SRXs from Juniper are only with site to site tunnels.

    I would consider turning your Siemans into a pure modem and then use either the Juniper or Netgear FVS router to be your edge router/firewall. It will make things simpler when it comes to establishing a VPN session to either the Juniper or Netgear appliances. Although the Siemans might support VPN pass through. I know the FVS supports being a dynamic DNS client. Not sure if the SSG does. I know the SRX does not natively through JunOS and would require a custom script and trigger to be configured which I've done on my SRX210.

    There is so much equipment going on with your network it really begs to be simplified for what you want to do. From what I see, you can group the IP cameras with your tenant clients to allow your tenants to have access to them. If you do this, I would set a DHCP range for your tenants that does not overlap with the static addresses you set for the IP cameras. Your private network would need to be on a different subnet and better yet should be VLAN'd or isolated on a different layer 2 network. I don't remember if the FVS318 supports what Netgear calls multi-homing. It's been a while since I've played with my FVS318v1. If it does, you can have the FVS318 support multiple subnets and have it be the gateway for both. The alternative is to configure the SSG to do the same which it should as the SRX 100 does support multiple virtual router interfaces.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1025143

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice