Re: Strange IPsec behaviour between SRXs
Here are some more strange details: I can ping the devices in the 77-th subnet from SRX-01. I can NOT ping the devices in the 3-th subnet from the SRX-02. I can ping the SRX-01 from the devices in the...
Phase 1 packet arrived from an unrecognized peer gateway
Trying to get a point-to-point VPN setup between a SSG and an SRX and can't get past the phase 1 error. Any help would be appreciated. Here are the configs: SSG: Untrust Addr: x.x.x.138, Trust Addr:...
ADSL Configuration help
Hello, I'm in the process of configuring a SRX110 to replace a SSG firewall that's currently in use, looking through the config here are the relevant bits with regards to the ADSL connection. set...
Re: Phase 1 packet arrived from an unrecognized peer gateway
Hello, Most likely, You have a typo in the config: set ike gateway "TO_HQ" address x.x.x.117 vs Error from SSG - Rejected an IKE packet on ethernet0/0 from x.x.x.177:500 HTH Thx Alex
Re: SRX Support for DHCP with special routing instances?
as a server - I'm working off of this KB http://kb.juniper.net/InfoCenter/index?page=content&id=KB29401&actp=RSS as you mentioned below and it seems to be working partially... although it is...
Dual ISP, Redundant VPN, and FBF -- working, but tunnels dropping every 10-25...
Hello All, I am having trouble with the mentioned setup, hoping someone may have a suggestion. The idea is to have our remote site with 2 different ISPs to handle internet traffic depending on protocol...
Re: Phase 1 packet arrived from an unrecognized peer gateway
Thanks, that was a great catch. My tunnel is up now but I can only ping in one direction, from the SRX to the SSG. I can't ping from the SSG to the SRX. I am guessing that it must be a policy issue....
Re: ADSL Configuration help
here is a snip from one of our configs. hope this helps. model SRX110 set interfaces at-1/0/0 encapsulation ethernet-over-atm set interfaces at-1/0/0 atm-options vpi 0 set interfaces at-1/0/0...
Re: Phase 1 packet arrived from an unrecognized peer gateway
Hello, When pinging from SSG to SRX across the tunnel, the src.IP is taken from Your eth0/0 because You unnumbered tun.1 to eth0/0. Unnumber tun1. to bgroup0 and add this line set interface bgroup0...
Re: Phase 1 packet arrived from an unrecognized peer gateway
When I ping from the SSG I specify bgroup0 as the source interface. I also am able to ping from the SRX side to a server on the SSG side but cannot ping from the SSG network server to the SRX side....
Re: Dual ISP, Redundant VPN, and FBF -- working, but tunnels dropping every...
Ok... not really sure why this would have worked, but it seems adding 'no-anti-replay' on both ends has resolved the tunnel dropping. I will continue to monitor and confirm if this was indeed the fix.
Looking to hire!
I am the CTO for Independent Technology Group (ITG) a Los Angeles, California based Juniper Networks Elite reseller partner. We are expanding and looking to hire a mid to senior level engineer with...
Re: mix AC and DC power supplies in SRX cluster
I have not seen this listed in the SRX documentation, but the MX series which uses the same basic chassis, does specifically say you CANNOT mix AC and DC power in the same chassis. When testing these...
[request feature] dual control / fab on branch srx
hi guys, are there any documents that will point out having branch srx devices with dual - control / fab links? will there be any enhancements like this in the 14.x version? thank you, dwayne
Re: HA Cluster Loopback Interface during failover
Hi Mahmoud, if your cluster is A/P, just use reth interface as VPN endpoint, it is much simpler than loopback and has same benefits, also you will not need the intra-zone policy.
Re: HA Cluster Loopback Interface during failover
Hi, By design, there is only RG0 and RG1, RG1 is for the all interfaces and only this RG1 failover to the second firewall if one of the monitored interfaces were down. But for sure the RG0 will failover...
Don't get DHCP on second VLAN??
Hi. Don't know what is wrong.. But I can get my 2. VLAN to give out any DHCP here is the config. Am I doing something wrong. ## Last changed: 2016-01-26 21:32:06 GMT version 12.1X44-D35.5; system {...
Re: Don't get DHCP on second VLAN??
Hello, Your vlan.2 interface does not belong to any zone and "system services dhcp" is not enabled on Your vlan.2 interface. HTH Thx Alex
Why is the SRX using NAT-T for the IPSEC?
Recently I did changes on one of our SRX devices which introduced the need of NAT-T enabled on other devices. I don't get why this is needed with the new configuration. Let me explain =) Source NAT has...