Dual ISP - First VPN drop causes Second VPN drop
On SRX240, there are two separate ISP each with static IP. Other end has two different static IPs. In normal operation there are two separate tunnels up, BGP fills routing table with routes over both...
View ArticleBridge tagged logical interfaces
Hi all,I am using SRX 220 as gateway to ISP. Two VLANs from ISP are terminated as a L3 logical interfaces as below:ge-0/0/0 { per-unit-scheduler; vlan-tagging; encapsulation flexible-ethernet-services;...
View Article[ipv6] proxy-ndp without nat?
Hi - My ISP provides myself with a "flat" /48 ipv6 subnet (not routed). I have assigned an IP/64 to the "untrust" interface of my SRX240 (junos 12.1X47-D25.4) and set the default gateway. I can ping6...
View ArticleRe: Bridge tagged logical interfaces
Hello,Use VPLS instance for that: interfaces { ge-0/0/0 { per-unit-scheduler; vlan-tagging; encapsulation flexible-ethernet-services; unit 34 { encapsulation vlan-vpls; vlan-id 34; family vpls; } }...
View ArticleRe: Junos Space cannot discover SRX chassis cluster using SNMPv3?
Hi all, just to update that my problem already solved. Confius between authentication-key with authentication password Thanks
View ArticleSRX Sub-Interface Not sending ARP requests out
Hey Team, Looking for your assistance with a weird issue we are having on our SRX3400 Chassis Cluster. Environment: SRX3400 Chassis Cluster - 12.1X46D40.2 (JTAC Recommended) Issue: We upgraded this...
View ArticlePlease Help with SRX550 Routing between Amazon and ISP
Hello, I'm not a JunOS expert but learning fast, if you could assist I would be greatly appreciated. I setting up an SRX550 to be the gateway for our office to route traffic between ISP and AWS. We...
View ArticleRe: SRX Sub-Interface Not sending ARP requests out
Team this issue is resolved. We had ip addresses on fxp0 on the same subnet. Never had an issue when we were on 11.4R5.5. Maybe 12.1X46D40.2 implemeneted some strict checks , causing arp problem. After...
View ArticleRe: Dual ISP - First VPN drop causes Second VPN drop
Hello , This is because both the VPN gatways are using ISP 1 by taking the default route : route 0.0.0.0/0 next-hop 1.1.1.1; So create 2 routes : 5.5.5.5 next hop ISP16.6.6.6 next hop ISP 2 This...
View ArticleRe: Please Help with SRX550 Routing between Amazon and ISP
Hello , Here you need is to have simple filter based forwarding , ie DNS request ---> ISP 10.0.4.1 Rest all --> BGP So make the ISP 10.0.4.1 in a virtual router and create a firewall...
View ArticleClik here to view.
zone_id vs name
Hi, Making a traceoption under security alg, we've received output, which is not clear. Is there any possibility how to recognize the relation between the (src_\dst_)zone_id with its canonical name....
View ArticleRe: zone_id vs name
Dear Radek, Not sure if this is what you are looking for but you can try this one:start shellcd /var/etccat security_zone.id and search your zone
View ArticleClik here to view.
Re: zone_id vs name
Dear Michal, Thank you for pointing into solution. You're right thank you
View ArticleBroadcast Vlan
Hi, I have created 4 vlans in a network. however there is a device that it is transmitting broadcast traffic in a Vlan but I want that this traffica can reach the others Vlans. can I do it?? I have...
View ArticleSRX logs in Wireshark
It would be very useful if set security flow traceoptions had an option to save the file in a format readable in Wireshark.
View ArticleRe: SRX logs in Wireshark
Hi, Because there is a difference between packet-sniffer and packet-analyzer .https://ask.wireshark.org/questions/6737/packet-analyzer-vs-packet-sniffer You can always use one of those two options to...
View ArticleRe: Broadcast Vlan
You'll need a layer 2 switch connected between the VLANs because the SRX will stop broadcast from flooding into another layer 3 network, that's the fundamentals of routing. You could try using...
View ArticleAutomatically generated static route for route-based site-to-site IPsec VPN
Hi, I have a route based IPsec VPN to a customer, assume the traffic-selector is 1.2.3.4/32 to 5.6.7.8/32, the vpn is bound to st0.1, when the vpn comes up, a static route to 5.6.7.8/32 is...
View ArticleRe: Broadcast Vlan
Hi, Thanks for your respond.I had checked the direct ip broadcast but I didn'tachieve my goal.The probles is that I have 7 VLANS and I havent enought ports to connect to. Switch.Thanks in advance
View ArticleRe: Automatically generated static route for route-based site-to-site IPsec VPN
Hello , For this make st0.2 as qualified-next hop , so that once st0.1 goes down only st0.2 will take effect . set routing-options static route x.x.x.x qualified-next-hop st0.2
View Article