Re: Site to Site VPN with both SRX's having dynamic IP's
Check this helpfull tool http://juniper.net/support/tools/vpnconfig
View ArticleRe: SRX cluster with routing instances
Hello,If You are using forwarding instances, interfaces can be in same zone because interfaces are not assigned to forwarding instances, they are "copied" there.The above won't be the case If You...
View ArticleSRX decrypts packets not matching IPsec SA
Hi, I encountered a situation that may totally change my understanding of how IPsec works ..., I need you guys help to clear my doubts. Refer to the following topology: HostA(70.36.241.106) -----SRX...
View ArticleRe: Not able to learn MAC of RETH interface
Hello,Make sure You have NOT configured reth3.0 with netmask /32: interfaces { reth3 { unit 0 { family inet { address 10.205.141.9/32; <=== WRONG!HTHThxAlex
View ArticleRe: Configure srx240 to ISP
Thank for your support SAM. Yes, it's solved. My issue was with NAT rule.I changed the static route to 0.0.0.0/0 next-hop 94.97.241.x (ISP gateway) then the internet is working fine but the subnet...
View ArticleRe: SRX won't allow users to select IKEv2 PRF
You can configure the proposal and specify the algorithms to match those on the ASA. Can you post the relevant SRX config? No proposal chosen is an indication of mismatch configurations.
View ArticleRe: Configure srx240 to ISP
Configure "filter-based forwarding" with two routing instances, a firewall filter to identify traffic and direct it the the appropriate routing instance, and instance-import to import the interface...
View ArticleRe: Allow IP Protocols
Did you have one with traffic in the reverse? from-zone Zone2 to-zone Zone1 { policy Anchor_Controler { match { source-address [ Controller2 Controller3 ];...
View ArticleRe: blocking video streaming using AppSecure
You are cpnfigurring junos:YOUTUBE. Try configuring junos:FACEBOOK. First look at the details and determine which ones you wish to block.Make sure that it is referenced in a security policy with the...
View ArticleRe: Configure srx240 to ISP
How can I configure "filter based forwarding" with two routing instances. I saw many examples but I'm confused. I want to configure the same source address to different outgoing interface. For...
View ArticleNAT64 on SRX 240H2 in Cluster
I am facing the following issue when I was setting up ipv6 NAT64 , VPN does not work when the below rule is enabled , I removed the below Static Nat statement and VPN started working again , here is...
View ArticleRe: SRX won't allow users to select IKEv2 PRF
Of course, this is ASA side configuration, ASA side anticipated me to match ikev2 policy 60 with sha-256 DH group 14 and PRF sha1, but I can not specify PRF algorithm sha-1 on SRX, they have to create...
View ArticleRe: NAT64 on SRX 240H2 in Cluster
you need an extra source nat to also convert the ipv6 source address toi ipv4 see my learning byte on exactly that topic NAT64 with DNS64...
View ArticleRe: Configure srx240 to ISP
Create a firewal filter with the correct match conditions; You want the most specific term to be the first term and to also account for all other traffic. term accept-all-other should be the last term...
View ArticleRe: Site to Site VPN with both SRX's having dynamic IP's
Thanks Mohammed but I have been to that link already. That tool doesn't allow dyanmic IPs at both end points.
View ArticleRe: SRX won't allow users to select IKEv2 PRF
I am guessing that the prf is the authentication algorithm which you would configure when you create the proposal using sha-1What is the prf? can you give a full description of it and we may be able to...
View ArticleRe: Configure srx240 to ISP
Hello , You can keep the following as reference : http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223&actp=search Just you need to creat filters specifying destinations : 1) for...
View ArticleRe: Configure srx240 to ISP
lso make sure your IP addresses are properly configuredset security address-book global address inews-a 192.168.34.61/32 set security address-book global address server1 192.168.3.155/32
View ArticleQuestion about routings!!
Hey guys, I need help! I need do a routing, but I don't understand but how made in Juniper SRX240... I have this scenary:ge-0/0/0 = ISP1 (5 WAN IP ONE GATEWAY)ge-0/0/1= ISP2 (4 WAN IP ONE...
View Article