Ping/traceroute datacenter ip using irb.1 interface ip as source (10.255.7.1) from SRX.
As per the flow trace, the SRX passes the traffic successfully from 172.16.3.52 to 172.30.10.4. You may have to check the PC that has IP 172.30.10.4. Is there any kind of desktop firewall installed on 172.30.10.4? There is no need to configure LAN-to-VPN NAT. You may remove that config.
Is it possible to use the supplied USB cable to give console access to an SRX?
I have downloaded the drivers to enable this but despite playing with the settings in SecureCRT, I am unable to get this functioning.
Does anyone use this method, and if so, what else will I need to do?
That command does work, thank you.
Still cannot figure out why disconnecting the switch makes SRX unreachable though.
After upgrading an SRX100 router to 12.1X46-D86 I cannot log into it through the web GUI. I can SSH to it with the same accounts though. I installed it because it's currently a JTAC recommended version.
Hello,
Clients obtaining an IP from the 10.255.7.160 pool cannot connect to the outside world. They obtain an IP. I can ping them from the SRX. I can ping 8.8.8.8 from the SRX. But the clients cannot. What is missing?
If you set a STATIC IP for that network, it works correctly. Users can browse, ping 8.8.8.8, etc.
Example: 10.255.7.180 255.255.255.224 GW: 10.255.7.161
set access address-assignment pool GuestWifiPool family inet network 10.255.7.160/27
set access address-assignment pool GuestWifiPool family inet range r1 low 10.255.7.163
set access address-assignment pool GuestWifiPool family inet range r1 high 10.255.7.189
set access address-assignment pool GuestWifiPool family inet dhcp-attributes maximum-lease-time 28800
set access address-assignment pool GuestWifiPool family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool GuestWifiPool family inet dhcp-attributes router 10.255.7.161
set access address-assignment pool GuestWifiPool family inet dhcp-attributes propagate-settings irb.136
set interfaces irb unit 136 family inet address 10.255.7.161/27
set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services traceroute
set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services ping
set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services dhcp
set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic protocols all
set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match source-address any
set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match destination-address any
set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match application any
set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust then permit
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat source rule-set Guest-to-untrust from zone GuestiNet
set security nat source rule-set Guest-to-untrust to zone untrust
set security nat source rule-set Guest-to-untrust rule source-nat-guest match source-address 10.255.7.160/27
set security nat source rule-set Guest-to-untrust rule source-nat-guest then source-nat interface
Thank you in advance.
Hello
The release 11.4R7.5 is not downloadable anymore. Is it possible to extract the firmware release from an existing device?
Model: srx240h
JUNOS Software Release [11.4R7.5]
Could you help me to extract it?
KR,
Dario.
Hi,
Kill the httpd process and try to access the device again via the web GUI.
E.g.:
{primary:node0}
root@E_HHA02_EXT_FW01> show system processes extensive | match http
1749 nobody 1 96 0 8148K 3604K select 0:00 0.00% httpd
1741 root 1 106 0 7652K 3008K select 0:00 0.00% httpd-gk
{primary:node0}
root@E_HHA02_EXT_FW01> start shell user root
root@E_HHA02_EXT_FW01% kill -9 1749
root@E_HHA02_EXT_FW01% cli
If it still doesn't work, please let me know the version on the device prior to the upgrade.
Thanks and Regards,
Pradeep Kumar M.
Technically I did, as I restarted the router to see if it would fix it.
Tried your suggestion, didn't work.
Hi Dario,
You can create a snapshot to a USB, making it bootable, and use it to boot another SRX device of the same model.
Refer to https://kb.juniper.net/InfoCenter/index?page=content&id=KB29811 for the steps to be followed.
Thanks and Regards,
Pradeep Kumar M
Hi,
I missed the point that same accounts work for SSH and that you can get to the login page but the credentials just don't work.
Just checked and found the below thread with a similar issue, which confirms this is a known issue on this specific version without any workarounds.
Hope this helps.
Thanks,
Pradeep
If you have installed the drivers and plugged the USB cable from your PC to the mini-USB port, does the serial port show up in your device manager? It should register itself as a COM port with the next available number assigned (e.g. COM3).
Can you see it in the device manager with the right driver/function (not showing up as an unknown device)?
Would be nice to see which IP settings the client(s) are provided via DHCP.
One thing which stands out is this config line:
set access address-assignment pool GuestWifiPool family inet dhcp-attributes propagate-settings irb.136
propagate-settings is used to replicate e.g. DNS servers assigned via DHCP on your firewall uplink. In this case you refer to the interface itself, which I can imagine doesn't work together with the rest of the configuration.
Can you remove that part of the configuration, try DHCP on a client again and print its ipconfig/ifconfig output here? And what about a basic ping of the gateway IP from a client? Does this work?
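A check for the condition this reply points at, as an added example that is not part of the original thread: it reads Junos `set` lines and reports any DHCP pool whose propagate-settings interface is a statically addressed interface inside the pool's own network. The four config lines are copied from the question; the function and variable names are hypothetical.

```python
import ipaddress
import re

# The relevant `set` lines from the question, embedded so the check runs offline.
CONFIG = """\
set access address-assignment pool GuestWifiPool family inet network 10.255.7.160/27
set access address-assignment pool GuestWifiPool family inet dhcp-attributes router 10.255.7.161
set access address-assignment pool GuestWifiPool family inet dhcp-attributes propagate-settings irb.136
set interfaces irb unit 136 family inet address 10.255.7.161/27
"""

POOL_RE = re.compile(r"^set access address-assignment pool (\S+) family inet (.+)$")
IFACE_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address (\S+)")


def parse(config):
    """Return (pools, ifaces): pool attributes and statically addressed units."""
    pools, ifaces = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = POOL_RE.match(line)
        if m:
            name, words = m.group(1), m.group(2).split()
            pool = pools.setdefault(name, {})
            if words[0] == "network" and len(words) > 1:
                pool["network"] = ipaddress.ip_network(words[1], strict=False)
            elif words[:2] == ["dhcp-attributes", "propagate-settings"] and len(words) > 2:
                pool["propagate"] = words[2]
            continue
        m = IFACE_RE.match(line)
        if m:
            name, unit, addr = m.groups()
            ifaces.setdefault(f"{name}.{unit}", []).append(ipaddress.ip_interface(addr))
    return pools, ifaces


def self_referencing_pools(config):
    """Pools whose propagate-settings interface has a static address in the pool network."""
    pools, ifaces = parse(config)
    findings = []
    for name, pool in pools.items():
        src, net = pool.get("propagate"), pool.get("network")
        # An interface that serves the pool is not a DHCP-client uplink to copy settings from.
        if src and net and any(i.ip in net for i in ifaces.get(src, [])):
            findings.append((name, src))
    return findings
```
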
So why is it JTAC recommended software?
So tunnel fails in IKEv1 phase 1 in packet exchange number 3/4.
Most likely a configuration issue. I would check the configuration on both the peer devices again.
Also, in the logs I see the SRX trying to use port 4500, indicating NAT happening.
[Oct 15 11:03:00 PIC 1/0/2 KMD1]ike_send_packet: <-------- sending SA = { 61ccdef0 4d2dd809 - 41f56fed 0a018db8}, len = 92, nego = -1, local ip= 185.16.71.132, dst = 34.250.189.60:4500, routing table id = 6
Given that the peer device is on AWS, I assume it uses a private IP address which then gets changed to the Elastic IP address provided by AWS before going out to the internet.
Maybe we need to use local and remote identities to verify the identity of the peer device instead of relying on the IP addresses.
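The port 4500 observation above can be pulled out of a KMD trace mechanically. The following is an added example, not part of the original post: it parses `ike_send_packet` lines in the format quoted above and reports, per negotiation, which destination ports were used and whether the exchange moved from UDP 500 to UDP 4500 (the NAT-T port). The second log line is the one from the post; the first is constructed in the same format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Line 1 is constructed (same initiator cookie, port 500); line 2 is quoted in the post.
LOG = """\
[Oct 15 11:02:59 PIC 1/0/2 KMD1]ike_send_packet: <-------- sending SA = { 61ccdef0 4d2dd809 - 00000000 00000000}, len = 168, nego = -1, local ip= 185.16.71.132, dst = 34.250.189.60:500, routing table id = 6
[Oct 15 11:03:00 PIC 1/0/2 KMD1]ike_send_packet: <-------- sending SA = { 61ccdef0 4d2dd809 - 41f56fed 0a018db8}, len = 92, nego = -1, local ip= 185.16.71.132, dst = 34.250.189.60:4500, routing table id = 6
"""

SEND_RE = re.compile(
    r"\]ike_send_packet: .*?SA = \{\s*(?P<icookie>[0-9a-f]{8} [0-9a-f]{8}) - "
    r"(?P<rcookie>[0-9a-f]{8} [0-9a-f]{8})\s*\}"
    r".*?local ip= ?(?P<local>[\d.]+), dst = (?P<dst>[\d.]+):(?P<port>\d+)"
)


def nat_t_negotiations(log):
    """Group sent IKE packets by (initiator cookie, peer) and report use of port 4500."""
    ports = defaultdict(list)
    for line in log.splitlines():
        m = SEND_RE.search(line)
        if not m:
            continue  # not an ike_send_packet line
        seen = ports[(m["icookie"], m["dst"])]
        port = int(m["port"])
        if port not in seen:
            seen.append(port)  # keep first-seen order
    return {
        key: {
            "ports": seen,
            "nat_t": 4500 in seen,                    # NAT-T port in use
            "floated": seen[:2] == [500, 4500],       # started on 500, then moved
        }
        for key, seen in ports.items()
    }


if __name__ == "__main__":
    for (cookie, peer), info in nat_t_negotiations(LOG).items():
        print(cookie, peer, info)
```
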
Also if you have an active support contract you can open a ticket and get copies of no longer posted firmware from support.
The virtual irb interface requires that at least one physical interface in that VLAN be up for the virtual interface to come up. So likely you have all the VLANs on a trunk port facing the switch. When the switch is disconnected there are no active physical interfaces, so the irb interfaces all go up/down in status.
You can verify this by using
show interface terse
I just upgraded an SRX300 to 18.2R3-S1.7 (as listed on the recommended Junos software page) and syslog is filled with:
Oct 17 21:14:07 jnx repd[2078]: sdb_db_init: Failed to init stats db, err:-2DB out of memory
Oct 17 21:14:07 jnx repd[2078]: smid_register: sdb_db_init failed err:-2 for repd, pid:2078
Has anybody seen this error before? I can't find any details on the "repd" process.
Thanks!