Re: Allow ping to public address from SPECIFIED public address(s)
AshivinO, I tried your suggestion, did not work.Thanks
View ArticleRe: export network between routing instances
rsuraj wrote: Can you check if there is any other import policy? If yes, we need to make sure the last term on that policy states "next-policy" instead of "reject". You may use below comman to check if...
View ArticleRe: srx1500 HA Control Port
thanks for your quick answerI understand a 10G would not be officially supported, but can it work though ?thanks
View ArticleRe: ipsec vpn config on MX80 MIC card
Hello,I can see Your troubles start after this line: Sep 19 14:52:24 [10.42.131.81 <-> 10.42.147.32] kmd_pm_ike_match_remote_id: Remote ID check failed, Received ID(type = dn (9), len = 82, value...
View ArticleRe: srx1500 HA Control Port
No it won't work. A standard SFP port will only support 1G optics. You need an SFP+ port to be able to use 10G optics. This is a basic hardware standard, nothing to do with support for the config or...
View ArticleRe: export network between routing instances
Yes, your policy chain has three policies. APN03_public SWu_Route SES_Ruta So the final chain looks like this: set policy-options policy-statement APN03_public term 1 from instance Trust-vrset...
View ArticleRe: SRX 340 OSPF Advertise entire /23 when only portions of the subnet...
I'm not sure I follow the problem, but I think what you describe is the behavior of OSPF. The area will send the same routes to all the ABRs and you can't send different routes to different ones.
View ArticleRe: SRX 340 OSPF Advertise entire /23 when only portions of the subnet...
My apologies for not being clear. I want to only send my aggregate routes to area 0.0.0.0. I had assumed that the following would send ospf default route to all areas/interfaces but only send the...
View ArticleRe: Comit error message
Hi, Rebooting the SRX would take care of the message. Regards,Sahil Sharma---------------------------------------------------Please mark my solution as accepted if it helped, Kudos are appreciated as...
View ArticleClik here to view.
Re: ipsec vpn config on MX80 MIC card
Hi aarseniev, Where can I found local-id and remote-id FQDN ? Is there any command to varify that in cli on juniper?
View ArticleRe: ipsec vpn config on MX80 MIC card
Hello,You could decode the logs to get them: 3050312d 302b0603 55040313 244b3931 34333131 36313434 2e6e6f6b 69617369 656d656e 736e6574 776f726b 732e636f 6d311f30 1d060355 040a1316 4e6f6b69 61205369...
View ArticleRe: Allow ping to public address from SPECIFIED public address(s)
Hi, You would probably need a combination of host-inbound services allowed and security policies permitting the traffic to junos-host...
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
Hi, 15.1X49-D60 was released a few hours ago with support for Remote access VPN client (dynamic vpn). No need for third party solutions anymore.
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
Thanks for great info. Will test that and edit this post. In old boxes 2 dynamic VPN connections where on the box and for more we needed license. What about new SRX300 which doesn't have licenses for...
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
The CLI shows 2 licenses included with the box: root@srx300> show system licenseLicense usage: Licenses Licenses Licenses Expiry Feature name used installed needed dynamic-vpn 0 2 0 permanent I...
View ArticleRe: SRX 340 OSPF Advertise entire /23 when only portions of the subnet...
Hi, Non-ospf routes are considered as external routes [LSA Type 5] and have an interarea flooding scope, hence policies are applied globally and external routes are exported to all areas under ospf.set...
View ArticleRe: ipsec vpn config on MX80 MIC card
Yes, you are right. This is DNS I used in CA. So remote fqdn would be " nokiasiemensnetworks.com " or " K9143116144.nokiasiemensnetworks.com "? What about local fqdn ?
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
Just to confirm. Dynamic VPN on new software D60 is working and it is using the licenses installed on the box: License usage: Licenses Licenses Licenses Expiry Feature name used installed needed...
View ArticleRe: ipsec vpn config on MX80 MIC card
Hello,Please start with configuring the "remote-id" exactly the same as DN used in certificate on remote peer.You don't need to configure "local-id" yet.If IKE is again giving You probs, then You can...
View Article