Are you able to ping the DSL interface:
set interfaces at-1/0/0 unit 0 family inet address 8x.7x.x9.x1/32
Is this route active in the table
show route
set routing-options static route 0.0.0.0/0 next-hop at-1/0/0.0
Did you ever manage to resolve this? I'm in the exact same situation and am desperate for help!
I would suggest the SRX320. We are just in the process of replacing a load of SSG5, SSG20 and NS5GT devices, and the SRX320 has been the right fit to replace all of these.
Hi,
I do not think that it's the root cause because of:
it says:
The second Routing Engine, to be installed on SRX5000 line devices only, does not provide backup functionality. It does not need to be upgraded, even when there is a software upgrade of the master Routing Engine on the same node.
So in my view the second routing engine does not have to be the same software version. In my case, of course, the master routing engines on both nodes have the same software; just the secondaries have a different one.
wrote: Are you assigned a static ip address on this service? I had been assuming it was dhcp but noticed this in your SSG config - It is static
You may need to set the family inet on the interface directly - What do I need to do to achieve this?
Route/nat mode does not apply to the SRX - I don't understand the implications of this, I'm sorry.
I also notice this is a /32 so I'm not sure how your outbound static default route will work in this setup. I've not seen that before. - Ok, we only have a single ISP assigned IP, so not sure how I could tweak this.
wrote: Are you able to ping the DSL interface:
set interfaces at-1/0/0 unit 0 family inet address 8x.7x.x9.x1/32 - I am not able to ping the external IP address, is that what you mean?
Is this route active in the table
show route
set routing-options static route 0.0.0.0/0 next-hop at-1/0/0.0 - No, it does not appear.
Here are some results:-
show route
8x.7x.x9.x1/32 *[Local/0] 00:00:02 Reject
show interfaces at-1/0/0 terse
Interface Admin Link Proto Local Remote
at-1/0/0 up up
at-1/0/0.0 up down inet 8x.7x.x9.x1 --> 0/0
at-1/0/0.32767 up up
Hi All;
This is probably a dumb question, but I am getting json_encode errors when viewing JWeb pages in Chrome, Firefox and IE:
Fatal error: Call to undefined function json_encode() in /html/core/errmsg.php on line 535
I assume this is because my browsers are too new? Do we know what old versions of the browser will work? Is there a fix?
Hi,
The message is for debugging purpose and there will be no service impact due to this message.
You may have a look at below link for the details: https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1308638
Regards,
Rahul
Dear All,
I would like to know what the weakness of my config is. I configured my SRX 340 HA with dual WAN load balancing using per-packet load balancing, but per-packet load balancing is not working. If we configure only one static route, it is OK. If we use dual load balancing, it does not work.
Hi ,
Please share the below output.
show route forwarding-table destination 0.0.0.0
show version
Please refer below document.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB23417
Regards,
Rahul
You can also read some of earlier post.
https://forums.juniper.net/t5/SRX-Services-Gateway/load-balancing-on-SRX/td-p/34343
https://forums.juniper.net/t5/SRX-Services-Gateway/per-prefix-load-balancing/m-p/33716
Regards,
Rahul
I tried your links but I cannot ping Google from the firewall in PuTTY. If I plug out the WAN one cable, ping works. If both WAN links are plugged in, it doesn't work.
wrote: You can also read some of earlier post.
https://forums.juniper.net/t5/SRX-Services-Gateway/load-balancing-on-SRX/td-p/34343
https://forums.juniper.net/t5/SRX-Services-Gateway/per-prefix-load-balancing/m-p/33716
Regards,
Rahul
wrote: Hi,
Please see the attachment for information. I cannot ping 8.8.8.8 from the firewall when dual WAN links are active. When one WAN is down I can ping Google. Is my configuration wrong?
wrote:Hi ,
Please share the below output.
show route forwarding-table destination 0.0.0.0
show version
Please refer below document.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB23417
Regards,
Rahul
Hi,
Please see the attachment for information. I cannot ping Google from the firewall.
Dear All,
I would like to know why my local network cannot route to the internet in this topology.
I have two internet connections, a Juniper HA pair and then an L3 switch. I run stacking on the L3 switch and all VLANs are created on the L3 switch. I connect one connection to the firewall (VLAN 7 - 1.1.7.1/24) and the default route next-hop IP is the firewall LAN IP (1.1.7.2/24).
My problem is I get internet access in VLAN only. Other VLANs cannot access the internet. How do I fix it?
Hi,
The configuration is not wrong. I just want to make sure that you have two paths in the forwarding table.
show route forwarding-table destination 0.0.0.0/0
or
show route forwarding-table destination 8.8.8.8
Regards,
Rahul
Trying to sort through the options here, but this is the fundamental problem. The static sub-interface on the DSL is up/down
at-1/0/0.0 up down inet 8x.7x.x9.x1 --> 0/0
Since this is down, your public address is in reject instead of active and your default route will not install because the interface is down.
I cannot see the error with the configuration causing the connection negotiation to fail.
Can you try enabling trace options on the at interface and see what logging we get for the connection?
set interface at-1/0/0 traceoptions file dsl.log
set interface at-1/0/0 traceoptions flag all
Then show the results using:
show log dsl.log
Does the SRX have a return route to all the vlans that are setup layer 3 on the switch?
show route
Does the internet nat rule cover all the vlans on the switch to perform the public nat?
show configuration security nat source
wrote:Does the SRX have a return route to all the vlans that are setup layer 3 on the switch?
show route
Does the internet nat rule cover all the vlans on the switch to perform the public nat?
show configuration security nat source
Hi,
Please see the attached myconfig file. My SRX doesn't have VLANs. VLANs are only on the L3 switch. The L3 switch is the gateway for all VLANs; it will route directly between them. I configured a default route on the L3 switch to the firewall (e.g. 0.0.0.0/0 next-hop 10.1.7.2). 10.1.7.2 is the firewall interface and 10.1.7.1 is the L3 VLAN 7 interface IP. When I connect an L2 switch to the firewall and assign a static IP (10.1.7.1) on my laptop, I can access the internet. I cannot access the internet under the L3 switch, and other VLANs also cannot access the internet.
I didn't run a NAT rule on the L3 switch. I run the NAT rule on my SRX firewall. Do I need to run NAT on the switch?
As Steve suspects, you are missing a route for your VLAN subnets.
Something like 'set routing-options static route <lan-net> next-hop 10.7.1.1', where you have to either route a larger prefix or, alternatively, use one route statement per VLAN.
NAT and security policies should allow traffic correctly when routes have been applied.
Hi, we experienced a weird problem where an SRX-5400 (cluster) would miss static NAT translation. We have an SBC in the trust zone with an RFC1918 address, and the SRX-5400 statically translates this SBC's IP to a publicly routable IP address. The customer sets the SIP trunking pointing to this public IP address; standard stuff, and it has been working fine.
We recently had an incident that SIP INVITES sent from our side to customer were silently dropped on customer side, upon troubleshooting, customer confirmed that the INVITES were coming from our side SBC's RFC1918 address therefore dropped by their side firewall. We don't have a way to consistently reproduce this problem, I opened a case with JTAC, JTAC engineer was also puzzled as NAT configuration as well as security policies all look correct, I am wondering can this happen on SRX? I mean, static NAT would either work or not, how could it be that certain translations would be missed?