wtmp not being generated
I noticed on SRX1500 and SRX5400 that /var/log/wtmp isn't being created thus show log user gives-------------------------------------------------------------------------- last: /var/log/wtmp: No such...
View ArticleSRX VPN licenses
HelloI'm thinking of getting a SRX240 or 300 for my lab for JNCIA preparation as well as for replacing my pfSense gateway box.Not sure though how the VPN licensing is with those SRX you find on ebay.Is...
View ArticleRe: SRX VPN licenses
HI davorin, there is no license limitations on site-to-site VPN connections. The license limitation is regarding VPN clients (dynamic vpn). You get 2 concurrent connections included in the base system...
View ArticleRe: From trust to trust zone for two internal network
You will need to confirm that you have a nat rule and policy in place. source nat and security policy from zone trust to untrust needs to cover the new subnet 192.168.30.0/24
View ArticleRe: architecture/config question
I assume the log is from the originating site. This seems to confirm that your security policy is working. Is there a log on the security policy at the hub site that shows the traffic has arrived?If...
View ArticleRe: SRX VPN licenses
Ah that is great to know :-) Which would be a better box to use as I see both the SRX240 and SRX300 close in pricing on ebay...though I like the fact theSRX300 comes with 2 SFP slots... Think the...
View ArticleRe: SRX VPN licenses
The SRX240 platform has been announced end of life so no new features will show up. Buying a SFP-module for the SRX240 will be very pricy as well so I would recommend looking at the SRX300 - and as a...
View ArticleRe: architecture/config question
thank you for the reply - it turns out the solution here was more simpler than I had anticipated. It was just a matter of recognizing that the rule on that central fw had to be inbound/outbound on the...
View Articledestination net unreachable with virtual-instances
Hello Juniper Experts, I hope you can help me out.I have the following issue :When i am using routing-instances for multiple isp connections the routing will fail when i create a very simple config...
View ArticleRe: destination net unreachable with virtual-instances
Hi, It appears that 192.168.10.0/24 network is in default inet.0 and there is no route to the destination in inet.0 You may need to use filter based forwarding on the ingress interface fe-0/0/5 to...
View ArticleRe: From trust to trust zone for two internal network
Thanks everyone. All my problem had been resolved. I did not put the Proxy arp for the public ip address to ge-0/0/2. P. Wong
View ArticleRe: destination net unreachable with virtual-instances
Hi AshvinO, I am using instance-type virtual-routerIn the example you showed me they are using insance-type forwardingI don't know if that is a problem but when i looking at the following article they...
View ArticleRe: destination net unreachable with virtual-instances
Hi, Could you check if the default route is active in inet.0.Also could you check if the interface-routes are imported into inet.0, i.e if routes for the next-hops [1.1.1.6 & 2.2.2.6]are...
View ArticleRe: destination net unreachable with virtual-instances
Hi Ashvin, No routes present when i enter those commands. root@srx100> show route table inet.0 0.0.0.0 root@srx100> show route table inet.0 1.1.1.6 root@srx100> show route table inet.0...
View ArticleRe: destination net unreachable with virtual-instances
when i add the following line set routing-options static route 0.0.0.0/0 next-table isp1.inet.0the 0.0.0.0/0 route is now as expected in the inet.0 routing table but will always go outside though...
View ArticleRe: destination net unreachable with virtual-instances
Hi, You could import interface-routes in inet.0 using rib-groups:set routing-instances isp1 routing-options interface-routes rib-group inet ispassuming next-table is being used in the RIs to direct...
View ArticleRe: destination net unreachable with virtual-instances
d*mn i'm pulling out my hairs here. i'm not really unfamiliar with routers/firewalls in general but i just don't get this.I don't get the point of rib-groups.what is a rib group doing. In my opinion it...
View ArticleRe: destination net unreachable with virtual-instances
Hi, Do you see interface routes in inet.0 now?show route table inet.0 protocol directThe static default route config should still be present:set routing-options static route 0.0.0.0/0 next-hop...
View ArticleRe: destination net unreachable with virtual-instances
This is what i see root@srx100# run show route table inet.0 inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1.1.1.0/29 *[Direct/0] 00:27:52...
View ArticleRe: destination net unreachable with virtual-instances
Hi,If static default route is configured in inet.0, then traffic to internet should be ok.set routing-options static route 0.0.0.0/0 next-hop 1.1.1.6Am not sure what you meant by "still not the routes...
View Article