Quantcast
Channel: All SRX Services Gateway posts
Viewing all articles
Browse latest Browse all 17645

DHCP Issues with SRX300

$
0
0

Hello,

 

Clients obtaining an IP from the 10.255.7.160 pool cannot connect to the outside world. They obtain an IP. I can ping them from the SRX. I can ping 8.8.8.8 from the SRX. But the clients cannot. What is missing?

If you set a STATIC IP for that network, it works correctly. Users can browse, ping 8.8.8.8, etc.

Example:  10.255.7.180  255.255.255.224     GW: 10.255.7.161

 

set access address-assignment pool GuestWifiPool family inet network 10.255.7.160/27
set access address-assignment pool GuestWifiPool family inet range r1 low 10.255.7.163
set access address-assignment pool GuestWifiPool family inet range r1 high 10.255.7.189
set access address-assignment pool GuestWifiPool family inet dhcp-attributes maximum-lease-time 28800
set access address-assignment pool GuestWifiPool family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool GuestWifiPool family inet dhcp-attributes router 10.255.7.161
set access address-assignment pool GuestWifiPool family inet dhcp-attributes propagate-settings irb.136
set interfaces irb unit 136 family inet address 10.255.7.161/27

set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services traceroute
set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services ping
set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic system-services dhcp
set security zones security-zone GuestiNet interfaces irb.136 host-inbound-traffic protocols all

set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match source-address any
set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match destination-address any
set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust match application any
set security policies from-zone GuestiNet to-zone untrust policy Guest-to-untrust then permit
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat source rule-set Guest-to-untrust from zone GuestiNet
set security nat source rule-set Guest-to-untrust to zone untrust
set security nat source rule-set Guest-to-untrust rule source-nat-guest match source-address 10.255.7.160/27
set security nat source rule-set Guest-to-untrust rule source-nat-guest then source-nat interface

Thank you in advance.


Viewing all articles
Browse latest Browse all 17645

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>