Re: export network between routing instances
spuluka wrote: Yes, your policy chain has three policies. APN03_public SWu_Route SES_Ruta So the final chain looks like this: set policy-options policy-statement APN03_public term 1 from instance...
QOS question - physical port speed override?
Hello, First, I'm very new to QOS and learning quickly on the fly. Basically the QOS configs kind of sucked, my boss (CCIE) tasked me with wiping them out and redoing them from scratch for the enterprise....
Re: QOS question - physical port speed override?
Hi Configuration similar to this one should be helpful (if this is SRX) interfaces { ge-0/0/1 { per-unit-scheduler; unit 0 { family inet { ... } } } class-of-service { interfaces { ge-0/0/1 { unit 0 {...
Re: Ipsec tunnel down when ike lifetime reached
Hi Do you have exactly the same Junos version on the other device? Also, do you have IKE enabled in host-inbound-traffic on external zone?
Re: srx 3400 policy with both ipv6 and ipv4 addresses?
We found the problem. There was an upstream IPv6 node that was down.
SRX1500 SSL Proxy Signing hash
We have SSL proxy service running on our SRX1500 and everything is working. The minor issue I have is that the certificate presented to users (generated by the SRX1500) is signed using a SHA1 hash...
Re: QOS question - physical port speed override?
Here is the config I had. I had to roll back since it wasn't working. Please excuse the ez-qos, just using it to build and help wrap my head around things right now. pk wrote: Hi Configuration similar to...
Dynamic VPN on a SRX650 chassis cluster with 12.3x48
Can a Dynamic VPN be configured on a SRX650 chassis cluster with junos 12.3x48? If it is not supported, what is the reason? My investigations so far: Dynamic VPNs need Policy Based...
Re: ipsec vpn config on MX80 MIC card
One of the solutions would be to bypass ike id check: https://kb.juniper.net/InfoCenter/index?page=content&id=KB27302&actp=search In SRX, this is done in the " security ike gateway " hierarchy. However...
Re: Ipsec tunnel down when ike lifetime reached
Hello, Yes exact same version : Hostname: gateway01 Model: srx240h2-poe JUNOS Software Release [12.1X44-D35.5] Hostname: gateway02 Model: srx240h2-poe JUNOS Software Release [12.1X44-D35.5] my security...
Re: IP Sec VPN with Checkpoint and Proxy ID
Hi Jonashauge, Thanks for your help. I found an error on Juniper [1297]: IKE negotiation failed with error: SA unusable. IKE Version: 1, VPN: XXX Gateway: XXXX, Local: xx.xx.xx.xx/500, Remote:...
Re: Telnet Command
Also be aware that this telnet connection will be self traffic from the SRX so will come from the junos-host zone. So if you are using this as a test for security policies, it will generally not work...
Re: Simply cannot get SNMP working on SRX240
from-zone Trust to-zone Trust { The zone for traffic going to the SRX itself is junos-host for the security policy not the zone of the interface. You will also need to permit the traffic under the...
Re: SRX1500 SSL Proxy Signing hash
If you have your own CA internally, like a MS server environment, your best bet is to issue a certificate request from the SRX to your internal CA and then load and use that certificate. These will be...
Re: Simply cannot get SNMP working on SRX240
Hey spuluka, I did that but I finally found the solution to my problem. I had to enable routing instance access and had to define my routing instances in my snmp communities. community public {...
Re: Unable to ping default gw from SRX240 cluster Node0 using fxp0
Hi Ashvin, I did this and I get the following: setnoc@SRX240-SNC-CLUSTER-NODE-0> monitor traffic interface fxp0 matching icmp verbose output suppressed, use <detail> or <extensive> for...
Re: Unable to ping default gw from SRX240 cluster Node0 using fxp0
Hi Rsuraj, Thanks for your reply. I did what you suggested, but this did not help: set groups node0 system host-name SRX240-SNC-CLUSTER-NODE-0 set groups node0 system backup-router 172.24.0.1 set...
how to bypass remote-ike-id check on MX80 MIC
Hello Guys, Could you help me to bypass remote-ike-id check on MX80 MIC? I configured site-to-site vpn and in logs I get: Oct 5 11:20:46 [10.42.131.130 <-> 10.42.147.32]...
Re: Juniper SRX240H2 FPC 0 PIC 0 CPU utilization
Yes, I see. I've figured this out myself too, but just needed some confirmation on this. Thanks for the reply. And as documentation says, I can't run NAT on SRX in packet mode?
BAD SPI messages in the event log ( Juniper SRX )
Hi, I have a question about IP Sec VPN Connection Checkpoint > Juniper. Sometimes I found an error message from Juniper SRX [1297]: IKE negotiation failed with error: SA unusable. IKE Version: 1,...