Hi,
As per the error message, it looks like there is a filesystem issue. Please try to reboot and then try.
Hello,
wrote:
1) what is the best way to configure Site A to SiteB vpn case A) SSG5 goes down it should work with SRX . SSG is my primary
The simplest way is to use DPD with "backup gateway" feature - on Site-A SRX210:
security {
    ike {
        gateway BLAH {
            ike-policy branch-ike-pol;
            address [ 198.51.100.20 203.0.113.30 ]; ## 203.0.113.30 is the backup IKE GW,
            dead-peer-detection { ## 203.0.113.30 will be used only when DPD to 198.51.100.20 fails
                always-send;
                threshold 3;
            }
        }
    }
}
wrote:
2) or can I use srx210 with dual ISP at Site B and establish vpn with site A . Means Site A single GW , site B dual GW with Same intranet , Can I do this ?
Yes You can.
HTH
Thx
Alex
Good Evening
We are running an OSPF backbone with around 35 routers and 100 routes. The routing table is not that large compared to other systems we have running. If I log into a router that is running OSPF and BFD and simply run the "run show route" command, the BFD session is reset.
Is this normal behaviour? All sessions are dropped and the network reconverges. BFD only drops for one second.
Hello,
By the looks of it, You are using:
1/ centralized BFD running on Routing Engine
2/ too aggressive BFD timers
What is the hardware and JUNOS version please?
HTH
Thx
Alex
Hi
where do you want me to give this DPD configuration ?
1) is it in the established tunnel b/w srx & ssg5 ??
If it is possible, can you send me a config file with the below details ( bgp routing from site A along with DPD , giving Site B established vpn details , need to configure srx with same intranet and bring up policy based or route based vpn ) to test I will bring down 1 ISP )
Site A : SRX 210
ge-0/0/0 3.30.02 ( Untrust eg )
ge 0/0/1 192.168.50.0/24 (trust )
st0.1 10.11.11.11/24 (SSG5 route )
st0.2 13.11.11.11/24 (SRX 210 route )
Site B: SSG5
untrust : 23..5.4.7
trust : 192.168.2.0/24
tunnel 1 : 10.11.11.12/24
Site B : SRX 210
trust 192.168.2.0/24
untrust : 26.7.2.1
st0.1 : 13.11.11.12/24
>start shell user root
% ssh-keygen rsa -f /etc/ssh/ssh_host_rsa_key
Unfortunately I get "Too many arguments" with this command.
Reboot no success either.
Okay, I tried a different command, which the SRX accepted:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
However, I got the following message and I am not a Linux expert:
Saving key "/etc/ssh/ssh_host_rsa_key" failed: Too many levels of symbolic links
I've found the issue......
ssh -> /var/db/ssh
It's constantly pointing to itself within /etc
/cf/etc
ssh -> /cf/etc/ssh
Try this
> start shell user root
% cd /cf/etc/ssh
% ssh-keygen -t rsa -f ssh_host_rsa_key
Regards
Leon Smirnov
Yes it is link
Leon
Solved it (well, I've solved this with the issue, I have yet to see if my resolution has affected anything else)...... For anyone else having the same issue:
I couldn't use "unlink" because the command did not exist so that only left me one option within the /dev/db directory and that was as follows:
rm ssh
mkdir ssh
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Now I can SSH to the SRX.
Thank you all for pointing me in the right direction.
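The self-referencing ssh link found in this thread is what makes ssh-keygen fail with "Too many levels of symbolic links". As an added example (not part of the thread and not Juniper tooling), the POSIX sh function below walks a link chain one hop at a time and names the path where it loops, so the bad link can be identified before a host key is regenerated. The function name, the 32-hop limit and the sandbox paths are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: find the symlink that loops before writing a host key under it.

# check_link_chain PATH
#   prints "ok <final path>" and returns 0 when the chain ends at a non-symlink,
#   prints "loop <path>" and returns 1 when a path repeats or the hop limit is hit.
check_link_chain() {
    path=$1
    seen="|"
    hops=0
    while [ -L "$path" ]; do
        case "$seen" in
            *"|$path|"*) echo "loop $path"; return 1 ;;   # already visited: cycle
        esac
        seen="$seen$path|"
        hops=$((hops + 1))
        if [ "$hops" -gt 32 ]; then                       # assumed safety limit
            echo "loop $path"
            return 1
        fi
        target=$(readlink "$path")
        case "$target" in
            /*) path=$target ;;                           # absolute target
            *)  path=$(dirname "$path")/$target ;;        # relative to the link's directory
        esac
    done
    echo "ok $path"
    return 0
}

# Constructed sandbox mirroring the layout in the thread; nothing outside it is touched.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/cf/etc" "$root/var/db/ssh"
    ln -s "$root/cf/etc/ssh" "$root/cf/etc/ssh"       # broken: link points at itself
    ln -s "$root/var/db/ssh" "$root/cf/etc/ssh_ok"    # healthy: link to a real directory
    check_link_chain "$root/cf/etc/ssh" || true
    check_link_chain "$root/cf/etc/ssh_ok" || true
    rm -rf "$root"
}
demo
```

On a real device the argument would be the directory the key is written to, for example the /etc/ssh path used in the commands above.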
Which software version are you using? The specific command option you're trying to use appears to have been introduced in 15.1X49-D40. On many previous versions, the default was 'mixed' mode which allowed individual ports to be configured as either ethernet-switching or inet. It's possible you have one of those versions loaded.
The 'Global Mode: Not Set' result suggests no interfaces are configured for family ethernet-switching. Can you make sure at least one interface is configured for ethernet-switching and is Up/Up, then repeat 'show ethernet-switching global-information'?
And can you also check what options you have in configuration mode for 'set protocols l2-learning global-mode ?' That, plus the software version, will help identify how to configure this mode.
Anyone knows what this means in packet trace log related to DHCP packets? Haven't seen before..
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:search gate for untrust:0.0.0.0/68->255.255.255.255/67,17
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:gate_search_specific_bucket: no gate found
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:search gate for untrust:0.0.0.0/68->255.255.255.255/67,17
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:gate_search_specific_bucket: no gate found
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:search widecast gate for untrust:0.0.0.0/68->255.255.255.255/67,17
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:gate_search_widecast_bucket: no gate found
Apr 18 21:58:21 21:58:20.881836:CID-0:RT:check self-traffic on vlan.11, in_tunnel 0x0
I have a guest network DHCP with jDHCPd configured on a vlan interface, which is located in a non-default routing-instance. All the rules allowing the traffic should be in place, but it's still not working for some reason..
Related parts of configuration:
version 12.3X48-D65.1;
system {
    dhcp-local-server {
        group tys-guest {
            interface vlan.11;
        }
    }
nat {
    source {
        rule-set untrust-source-nat {
            from zone untrust;
            to zone untrust;
            rule guest-sourcenat {
                match {
                    source-address 10.123.124.0/24;
                }
                then {
                    source-nat {
                        interface;
                    }
                }
            }
        }
policies {
    from-zone untrust to-zone untrust {
        policy untrust-internal {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
    from-zone untrust to-zone junos-host {
        policy allow-management {
            description "Has to be before the deny policy";
            match {
                source-address something/27;
                destination-address any;
                application [ junos-ssh junos-https junos-http ];
            }
            then {
                permit;
            }
        }
        policy deny-management-rest {
            match {
                source-address any;
                destination-address any;
                application [ junos-ssh junos-https junos-http ];
            }
            then {
                reject;
            }
        }
        policy allow-rest {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
zones {
    security-zone trust {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            vlan.10;
        }
    }
    security-zone untrust {
        screen untrust-screen;
        interfaces {
            fe-0/0/0.0 {
                host-inbound-traffic {
                    system-services {
                        dhcp;
                        tftp;
                        ike;
                        ping;
                        ssh;
                    }
                }
            }
            vlan.11 {
                host-inbound-traffic {
                    system-services {
                        dhcp;
                        ping;
                    }
                }
            }
        }
    }
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                address something/24;
            }
        }
    }
    fe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members vlan-guest;
                }
                native-vlan-id 10;
            }
        }
    }
    fe-0/0/7 {
        description Varalinja;
        unit 0 {
            family inet {
                address 192.168.1.2/24;
            }
        }
    }
    vlan {
        unit 10 {
            family inet {
                address 10.1.1.254/24;
            }
        }
        unit 11 {
            family inet {
                address 10.123.124.1/24;
            }
        }
    }
}
routing-options {
    interface-routes {
        rib-group inet inside;
    }
    static {
        route 10.2.0.0/24 next-hop st0.1;
        route 0.0.0.0/0 next-table Main-ISP.inet.0;
    }
    rib-groups {
        Main-ISP-to-4G-ISP {
            import-rib [ Main-ISP.inet.0 4G-ISP.inet.0 ];
        }
        4G-ISP-to-Main-ISP {
            import-rib [ 4G-ISP.inet.0 Main-ISP.inet.0 ];
        }
        inside {
            import-rib [ inet.0 Main-ISP.inet.0 4G-ISP.inet.0 ];
        }
    }
}
access {
    address-assignment {
        pool something-guest {
            family inet {
                network 10.123.124.0/24;
                range something-guest-range {
                    low 10.123.124.10;
                    high 10.123.124.250;
                }
                dhcp-attributes {
                    maximum-lease-time 28800;
                    domain-name something-guest.local;
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        10.123.124.1;
                    }
                }
            }
        }
    }
}
routing-instances {
    4G-ISP {
        instance-type virtual-router;
        interface fe-0/0/7.0;
        routing-options {
            interface-routes {
                rib-group inet 4G-ISP-to-Main-ISP;
            }
            static {
                route 0.0.0.0/0 next-hop 192.168.1.1;
            }
        }
    }
    Main-ISP {
        instance-type virtual-router;
        interface fe-0/0/0.0;
        interface vlan.11;
        routing-options {
            interface-routes {
                rib-group inet Main-ISP-to-4G-ISP;
            }
            static {
                route 0.0.0.0/0 next-hop somepublicip;
            }
        }
    }
}
vlans {
    vlan-guest {
        vlan-id 11;
        l3-interface vlan.11;
    }
    vlan-trust {
        vlan-id 10;
        l3-interface vlan.10;
    }
}
Hi,
I'm new to configuring Juniper products, I know my way around Cisco products reasonably well, certainly not a pro but not a beginner.
I've brought an SRX110H-VA to get into Juniper and I'm attempting to replace my Cisco router on my VDSL line with the SRX.
I've followed the VDSL configuration guide for what I believe is the correct settings:
CHAP authentication and negotiated IP. The Cisco and talktalk supplied router both use chap and negotiate the IP address so I believe this is correct.
However when I use the show interfaces terse command the pp0.0 interface is showing as "up down inet"
pp0.0 up down inet
Can anyone point me in the right kind of direction?
Below are the VDSL commands I've configured:
pt-1/0/0 {
    vdsl-options {
        vdsl-profile auto;
    }
    unit 0 {
        encapsulation ppp-over-ether;
    }
}
pp0 {
    unit 0 {
        ppp-options {
            chap {
                default-chap-secret "xxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
                local-name "xxx@yyy.com";
            }
        }
        pppoe-options {
            underlying-interface pt-1/0/0.0;
            auto-reconnect 10;
            client;
        }
        family inet {
            negotiate-address;
        }
    }
}
Any assistance would be greatly appreciated
Many Thanks,
Tom
Thank you Steve. The feature explore does indeed show that 17.3R1 is not supported, and in 18.1R1 there is still an open problem with traffic selectors I see. We will lab it first before implementing it.
JDHCP config for a routing instance should be defined under the VR. Please refer to https://kb.juniper.net/KB26897
If this is a new setup, I would suggest you upgrade the device to 15.1X49-D120 and then follow the same KB31147. I can confirm that this version doesn't have the error you observed.
root@SRX# run show version
node1:
--------------------------------------------------------------------------
Hostname: SRX
Model: srx345
Junos: 15.1X49-D120.3
JUNOS Software Release [15.1X49-D120.3]
root@SRX# show protocols l2-learning
global-mode transparent-bridge;
root@SRX# show | compare
[edit]
+ protocols {
+ l2-learning {
+ global-mode transparent-bridge;
+ }
+ }
root@SRX# commit
node1:
commit complete
root@SRX#
Junos upgrade instructions - https://kb.juniper.net/KB16652