Clik here to view.
Re: log traffic for the default deny policy not working
Hi Suraj Here is the output , also note i upgraded to 12.3X48-D30 , just in case it was an issue with the previous junos version , still no luck show troot@srx210> show routeinet.0: 5 destinations,...
View ArticleRe: log traffic for the default deny policy not working
Hi egawd,Now it's clear. When you try log on port 2222 it hits Destination NAT rule nsw_destnat as you are trying to do this from Internet zone. And because of the destination NAT rule your traffic...
View ArticleRe: log traffic for the default deny policy not working
Destination NAT config:===============================================destination { pool 192_168_1_2_22 { address 192.168.1.2/32 port 22; } rule-set nsw_destnat { from zone Internet; rule...
View ArticleRe: VDSL service disruption!
Thank you Ben! That's exactly what's happening to me. Glad to know I'm not the only one. Bye, F.
View ArticleRe: log traffic for the default deny policy not working
Hi Suraj I already have the following : from-zone Internet to-zone junos-host { policy deny-junos { match { source-address any; destination-address any; application any; } then { deny; log {...
View ArticleRe: SRX240H2 static route works only one way
Hello, I am assuming SRX240 comes in the path for both A to B as well as B to A path.It looks either like an issue with security policy or NAT on SRX240.Can you share specific output of security...
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
I tried following configuration provided under this link but I can't get access with Shrew Soft. I get the Phase 1 - ike tunnel up but then Shrew just stops at "bringing tunnel up" and SRX doesn't show...
View ArticleRe: log traffic for the default deny policy not working
Can you add the below config and check again. I feel the traffic maynot be reaching policy as they are not allowed under zone. On Internet zone you have enabled dhcp only. delete security zones...
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
Hello, What is your shrew soft configuration?Did you try some other client? Regards, Rushi
View ArticleRe: SRX and failover behavior
Hi, I believe it is possible to configure interfaces on active node only for interface monitoring.However, the weights can be configured such a way that node 0 is active whenever at least 1 member...
View ArticleRe: log traffic for the default deny policy not working
Hi Suraj Im not exactly sure what you are trying to do here but , its throwing out an error : root@srx210# delete security zones security-zone Internet host-inbound-traffic system-services warning:...
View ArticleSRX to ssg site-site vpn failing
Hi, We have 2 SSG5 routers in Site A and Site B, we have added one more router at Site C (SRX210HPOE) , site-site vpn tunnle working fine b/w Site A and SiteB. But now we have to confiure...
View ArticleRe: log traffic for the default deny policy not working
Can you try this?delete security zones security-zone Internet host-inbound-traffic system-services dhcpset security zones security-zone Internet host-inbound-traffic system-services any-service
View ArticleRe: SRX to ssg site-site vpn failing
Hello, st1.0 is not a valid tunnel number.I think supported range is st0.0 to st0.16385. Can you change the tunnel interface for other tunnel to st0.2? Regards, Rushi
View ArticleRe: SRX to ssg site-site vpn failing
Hi , can you please tell me how to change existing st1.0 to st0.2 ? and bind too , set command will change modifigications or will create new one ?
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
I didn't try any other clients then Shrew soft. What can you recommend which should work with IPSec Remote VPN?Here is my Shrew connection settingn:version:4 n:network-ike-port:500...
View ArticleRe: SRX to ssg site-site vpn failing
Hello, Can you try below commands: delete security ipsec vpn ike-india-corp-vpn bind-interface st1.0delete security zones security-zone vpn.hyd interface st1.0delete routing-options static route...
View ArticleRe: SRX to ssg site-site vpn failing
Thnx VPN is up now , but i am not able to ping remote address ?
View ArticleRe: log traffic for the default deny policy not working
Hi Suraj Same error root@srx210# delete security zones security-zone Internet host-inbound-traffic system-services dhcp warning: statement not found Any ideas ? Thanks
View Article