Clik here to view.
WAN to pfSense throug Juniper SRX240H
Hello there!I have a simple question for expert administrator's, but for me it's very hard.We have this net scheme - simple view:We have changed ISP, and new ISP gived to us two external IP...
View ArticleRe: WAN to pfSense throug Juniper SRX240H
Hello, wrote:We have changed ISP, and new ISP gived to us two external IP addresses:217.22.xxx.162/30 with gateway 217.22.xxx.16262.213.yyy.86/30 with gateway 62.213.yyy.85 Are these two /30...
View ArticleCan Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
Hi All, I have an SRX240H2 connected directly to the internet. I have an interface configured for a couple of addresses. I want to be able to reach the internet from this device, from a particular...
View ArticleRe: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
If you don't specify a source, then it will be sourced with the IP on the interface outbound to the Internet. Which interface is that?
View ArticleRe: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
The interface is the one I provided: ge-7/0/0. I had expected the primary configuration to kick in and if there is no source specified, then traffic destined to the internet will be using that primary...
View ArticleRe: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
It should work as you say.Can you check what address is being used when you don's specify source argument?One way to check is to run ping to 8.8.8.8 in one console window and in another runshow...
View ArticleRe: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
Hi Wojtek, It appears to be using the 1.1.1.1/30IP, not my primary address. Thomas
View ArticleRe: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
Session ID: 40431, Policy name: self-traffic-policy/1, State: Active, Timeout: 56, Valid In: 1.1.1.1/4 --> 8.8.8.8/11024;icmp, If: .local..0, Pkts: 1, Bytes: 84 Out: 8.8.8.8/11024 -->...
View ArticleSRX210 with VDSL2-A MPIM Vectoring firmware update
Hi Support I have a SRX210 with VDSL2-A MPIM installed. The current firmware of the MPIM is 2.10 which doesn's support VDSL vectoring. would it be possible to supply a download link for firmware that...
View ArticleSrx mikrotik ospf
Hello Need help with debugging ospf connection between srx and mikrotik. There is ipsec tunnel and gre tunnel over ipsec, ping is working bothways but ospf is stuck in init state, is it mtu issue or...
View ArticleRe: Srx mikrotik ospf
Setting ignore mtu mismatch for OSPF is generally a good idea when doing interop. It is almost always needed. The trace also seems to indicate you don't have a router id set under routing options.
View ArticleRe: SRX210 with VDSL2-A MPIM Vectoring firmware update
If the file you need is not posted in the downloads area, you need to open a JTAC support case to request the it. https://www.juniper.net/support/downloads/
View ArticleRe: Srx mikrotik ospf
Where should i add the command to ignore mtu mismatch? Also router id is specified under routing-options. Il add the config of both devices (lab environment and both routers are directly connected)....
View ArticleRe: Srx mikrotik ospf
wrote:Setting ignore mtu mismatch for OSPF is generally a good idea when doing interop.No, setting ignore MTU mismatch is not a good idea. There is a reason OSPF refuses to bring up an adjacency by...
View ArticleRe: Srx mikrotik ospf
Hi,Ospf network type is not matching at both ends. SRX side it is point-to-point and Microtik side it is broadcast. Change it to point-to-point at Microtik side. Remove authentication for...
View ArticleRe: Srx mikrotik ospf
Currently cant test it but before i made this thread i did test broadcast and ptp, same result, but i changed only mikrotik side. Maybe i should change srx side to broadcast? Tryed to set gre tunnel...
View ArticleClik here to view.
SRX 1400 commit error
Hello I'm having the following problem when I try to commit changes after configuring any kind of NAT or while trying to modify any Interface. Any help would be greatly appreciated
View ArticleRe: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
self-traffic-policy/1, Seems this it doesnt has policy for untrust. Is this interacfe binded to any security zone and also does it has policy ? Because in flow session it showing that you traffic is...
View ArticleRe: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
I can confirm that the interface ge-7/0/0 is in a security zone, and there are policies in place for the zone. See the session flow: Session ID: 11790, Policy name: self-traffic-policy/1, State:...
View ArticleRe: SRX 1400 commit error
As the error message says the certificate validation is failing and hence it is not allowing you to commit the config. Most often it is related to the date and timestamp mentioned in "Not-Before" and...
View Article