Re: SRX300 TCP-MSS
Hi,It's fixed in D70https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1213775
View ArticleSite to site VPN not able to use the second public IP address
I had configured primary public ip address for Dynamic VPN connection on SRX220H2 and it is working now. Right now, I like to user second public ip address for site to site VPN connection. No matter, I...
View ArticleRe: Site to site VPN not able to use the second public IP address
You can specify the addressset security ike gateway gw_BFSQLMW-WarehouseB local-address 218.255.187.43But I am not confident that it will work as the IP address 218.255.187.43 is not a "secondary" IP...
View ArticleRe: No more variables left in this MIB View (It is past the end of the MIB tree)
Does the view full-mib exist? set snmp view full-mib oid .1 include
View ArticleRe: Site to site VPN not able to use the second public IP address
Thanks. Just try it. Althought the VPN connection is still failure, the error shown the ip connection to 218.255.187.43 now. On my setting, this IP address had been set on Static NAT. If I change it to...
View ArticleRe: Site to site VPN not able to use the second public IP address
I don't really understand why you don't want to use 218.255.187.42 for the VPN.The IP 218.255.187.43 is already used for static NAT. You cannot use that IP.What you should is add a secondary IP to your...
View ArticleImporting SRX in JunosSpace and Address Object Conflict
Hi, We have multiple sites with SRX as a Internet Gateway. All Sites have their own Proxies. We have Address-book at each site have same Address-book name but all have different IP Addresses. Now I am...
View ArticleRe: Site to site VPN not able to use the second public IP address
Oh. The IP address 218.255.187.42 is reserved for Dynamic VPN user to inernal 192.168.0.x network and we like to put 218.255.187.43 for two branch site to site VPN to connect internal another...
View ArticleRe: SRX100 and BT infinity problem
Hi Pantunes, thank you for being so patient wth this issue. I haven't found anything helpful in wireshark log (most likely due to my unfamiliarity with this program). Before I contacted Microsoft first...
View ArticleRe: No more variables left in this MIB View (It is past the end of the MIB tree)
The setting "set snmp view full-mib oid .1 include" solved my problem.Thanks.
View ArticlePolicy Based VPN - SRX210H to ASA5550
Hello I am attempting to configure a Site to Site VPN between two separte sites using a Juniper SRX210H and Cisco ASA5550. I can see that the ASA is able to sucessfully raise the tunnel, however when i...
View ArticleRe: Policy Based VPN - SRX210H to ASA5550
Hello,You are quite expectedly getting nonmatching proxy-ids betwen ASA and SRX: Nov 27 20:08:47 [IKEv1]: Group = XX.XX.XX.XX, IP = XX.XX.XX.XX, Rejecting IPSec tunnel:no matching crypto map entry for...
View ArticleRe: SRX100 VPN problem
The command that you gave me will not work. IF the 192.168.0.0/24 would you want the pool to be the same sub-net? source { rule-set nsw_srcnat { from zone [ Controls Gtown ]; to zone Internet; rule...
View ArticleInterface Zero in Jflow
Hi I've enabled jflow v5 on our Juniper v12.1X46The jflow packets contain a bunch of interface IDs that i can cross-reference from the ifindex values in snmp. no problem.However there is one...
View ArticleRe: Interface Zero in Jflow
Hello,This is expected if OIF cannot be determined.Are You using FBF/"then routing-instance" in FW filters, or have a static route with "next-table" nexthop?HTHThxAlex
View ArticleRe: SRX100 VPN problem
I see that you have changed your interface from vlan.1 to fe-0/0/2.0 and I did not notice when responding. The proxy ARP needs to be configured on the interface that needs to reply to the ARP requests....
View ArticleRe: SRX300 can't ping irb interfaces, or Google, or anything from terminal!
Hello , Can you try to remove the firewall filter from lo0 and check if that helps .
View ArticleRe: Importing SRX in JunosSpace and Address Object Conflict
Hello , We can avoid this conflict when you add initially to the Space SD , it will prompt for a option to creat duplicate of add as fresh .
View ArticleRe: SRX300 can't ping irb interfaces, or Google, or anything from terminal!
Thank you - yes sure enough that fixed it... I was recently playing around with only allowing an exclusive IP address from SSH'ing to the router from inside/outside. I guess there needs to be some...
View ArticleRe: SRX300 can't ping irb interfaces, or Google, or anything from terminal!
Hello , What you can do is to creat 3 rules under the ruleset :1 st rule : Allow SSH access to permitted IP 2nd Rule : Block SHH access to any other IPs3 rd rule : permitt everything . eg: root#...
View Article