SRX650: After the RG0 switchover, the Node 0 traffic is abnormal.
Dear anyone, The master control plane switches from Node1 to Node0. The master data plane is on Node0. Node0 traffic abnormality occurred. SRX650 [12.3X48-D30.7]; Node0 found some log, Dec 30 00:26:48...
View ArticleHow to prefer BGP route over IPsec VPN generated static route
Hi, all, I have a unique situation I don't have an obvious answer for. We have the need to interconnect with a customer by using MPLS-VPN circuit as the primary and IPsec VPN as backup, say we...
View ArticleRe: L2TP through SRX
I have just seen this thread https://forums.juniper.net/t5/SRX-Services-Gateway/Destination-NAT-Port-Forwarding-Passthrough-for-VPN/td-p/264271 Would this be the solution?
View ArticleRe: Apple iPhone/iPad VPN to Juniper SRX - now possible!
Hi all, Thanks for this wonderfull pdf with all the information!!! I'm having only issue at one of the last step with the configuration of the srx. I tried every possible combi but none did work. Im...
View ArticleSRX 320 Client VPN - number of clients limitation?
Hi all,I was trying hard to clarify if the 2 concurrent client VPN-s is still a limitation in Model: srx320Junos: 15.1X49-D45I remembered I had to buy and install licenses for a customer who needed...
View ArticleRe: How to prefer BGP route over IPsec VPN generated static route
Hi there,Easy, as always with JUNOS :-)Under Your BGP group add this line:preference <number less than reverse static route preference>I can't remember what is the reverse static route...
View ArticleRe: SRX 320 Client VPN - number of clients limitation?
Yes, you need to buy license for additional users. AFAIK, you can transfer the existing licenses from existing SRX1XX and SRX2XX to the SRX3XX devices. You may call the Juniper customer care for the...
View ArticleRe: SRX 320 Client VPN - number of clients limitation?
rsuraj is right, 2 concurrent users is still the limitation without buying extra licenses. Please note that dynamic vpn is only present on SRX300 series from 15.1X49-D60 an onwards - so you won't find...
View ArticleRe: SRX 320 Client VPN - number of clients limitation?
If there will be more than two simultaneous user connections, install a Dynamic VPN license in the device. Dynamic VPN is a licensed feature for SRX-Branch devices. By default, a two user evaluation...
View ArticleRe: SRX 320 Client VPN - number of clients limitation?
Hi Python, not entirely true. In later releases you can see the 2 concurrent users via 'show system license': jh@fw> show system license License usage: Licenses Licenses Licenses Expiry Feature name...
View ArticleRe: SRX 320 Client VPN - number of clients limitation?
Yes, jonashauge. You are right with the "show outputs". My earlier statement with show outputs was confined to legacy Junos; which got modified later. -Python#Please mark my solution as accepted if it...
View ArticleRe: SRX340 High CPU temperature
Hi Folks,Please find the recommended SRX340 Services Gateway Environmental Specifications,...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi sahilsha, Why when i change the security log mode stream then i cannot see syslog such as login in and login out. I can see log RT-FLOW only. Is it because the stream mode on forwarding plane only...
View ArticleRe: How to prefer BGP route over IPsec VPN generated static route
I think in that case you would need to set the default preference for static routes to be higher than BGP and then your other static routes you would have to set them to prerefence 5 or whatever value...
View ArticleRe: Apple iPhone/iPad VPN to Juniper SRX - now possible!
Hi all, Thanks for this wonderfull pdf with all the information!!! I'm having only issue at one of the last step with the configuration of the srx. I tried every possible combi but none did work. Im...
View ArticleIP Phone VPN at my wits end
Box is an SRX 320, v 15.1X49-D45I'm at my wits end. I've done this before with an SRX... But I can't seem to make it work on this box. It's an Avaya phone with an IPSEC vpn client builtin trying to...
View ArticleRe: IP Phone VPN at my wits end
Hi JayNEC, policy-based VPN was initially removed from the 15.1X49 software train but was reintroduced in 15.1X49-D50. VPN client support was also initially removed and the reintroduced in 15.1X49-D60....
View ArticleRecommended IKE and IPSEC Security Parameters
What are the recommend security parameters (authentication, encryption, dh groups, etc.) for the IKE and IPSEC VPN phases?
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi, In stream mode logging, the traffic logs (RT_FLOW) are sent directly from the PFE to the syslog server in order to offload the RE from processing these. Hence you will not be able to see them in...
View Article