Re: SRX340 HA Cluster Strange Behaviour on Reth Interface - Unknown Egress...
And then the same monitoring - with the Reth2 interface disabled.
View ArticleSite 2 Site VNP with overlapping networks srx300 to srx240
Hi!I have the followig problem:Site A: Network 192.168.12.0/22Site B: Network 192.168.20.0/24 (Networks 192.168.13.0/24, 192.168.14.0/24 and 192.168.15.0/24 are assigned to other services on Site B)How...
View ArticleRe: Site 2 Site VNP with overlapping networks srx300 to srx240
I think I messed something up in the policies.I cannot check it right now since I don't have access to the srx300. I will have a look at the policies tomorrow and post my results ;-)
View ArticleRe: Site 2 Site VNP with overlapping networks srx300 to srx240
You do need to use nat on both sides to resolve the conflict. The example config is...
View ArticleVirtual chassis for Ex2300 or Ex3400
Dear all,I will buy juniper 2x Ex2300 or 2x Ex 3400.I want to use virtual chassis in those two switches(only two switch).when i read data sheet and tech book,it is not clear.So i would like to knowCan...
View ArticleRe: Site 2 Site VNP with overlapping networks srx300 to srx240
In the example I have on both side the same /24 network.In my example I habe one one side a /22 network that includes 4 of my /24 networks on the other side.So my thinking was, that I only need to NAT...
View ArticleRe: Site 2 Site VNP with overlapping networks srx300 to srx240
I configured source and destination NAT rule-sets: Site A source-nat:set security nat source pool pool1 address 172.21.8.0/22 set security nat source rule-set rule-set1 from zone Internal set security...
View ArticleRe: Site 2 Site VNP with overlapping networks srx300 to srx240
Isn't it more simple to do static nat on the srx300 like shown below? That would at least be my approach. This example will static nat 192.168.12.0/22 one-to-one to 172.21.8.0/22 when traffic arrives...
View ArticleRe: Site 2 Site VNP with overlapping networks srx300 to srx240
Thanks Jonas! That's it!My first approach was to do a static nat, but I configured the 192.168.20.0/24-net as destination address... Thumbs up!
View ArticleRe: Site 2 Site VNP with overlapping networks srx300 to srx240
Yes you only need to nat the actually overlapping addresses not the entire 22. You do both sides to allow either to be the initiator in the example. If the traffic always initiates one way then only...
View ArticleCreating a DMZ setup
I have a simple consumer grade ADSL router that has a DMZ configured to a local ip of 192.168.1.1 . At this address sits the WAN interface of an OPNsense box. This is configured as an end point for VPN...
View ArticleRe: Creating a DMZ setup
You would need to do a destination NAT for the OPNsense box. Depending on how many public IPs you have will depend on how this is done, and also what type of traffic OPNsense uses (SSL VPN vs IPSec...
View ArticleRe: Creating a DMZ setup
To be frank I don't 'need' a full dmz-like setup. Here's some of the finer detail (i.e. what I need to achieve):- The OPNsense box terminates 3x SSL tunnels using UDP ports 1194, 1195, 1196...
View ArticleRe: SRX220, SRX-MP-1VDSL2-A and VDSL Vectoring
@karand I am currently running JUNOS Software Release [12.3X48-D70.3] However, my firmware is currently showing: Part Type Tag Current Available Status version versionFPC 1 PIC 0 VDSLBCM 10 2.10.0...
View ArticleSRX to SRX VRRP not running
Hi All, can you please confirm what i could be missing here.. I am simply trying to get VRRP working between two SRX devices, config to follow (same config on both sides other side using .216); set...
View ArticleRe: SRX to SRX VRRP not running
As Wojtek indicates this has not been supported until recently. Your SRX cluster needs to be running at least Junos 18.1R1 to support this functionality: VRRP and VRRPv3 support on redundant Ethernet...
View ArticleRe: Creating a DMZ setup
There could be many reasons for that. As for the VPNs, you would just need to do a destination NAT for those UDP ports to forward the traffic to your OPNsense box. set security nat destination pool...
View ArticleSRX 4100 with HA
Dear Sir,I would like to use SRX 4100 with HA. May I know.I would like to know can i use 1G or 10 G DAC cable for HA links (control and fab ports) ?i might use 1 G sfp or 10 SFP + module ?if i use SFP...
View Article