Re: redistributing static routes
Hello , Try the following : policy-statement exportstatic1 { from protocol static; then { metric 10; accept; }}
View ArticleRe: How to check what exactly fail on static nat?
Hello , The failed session in NAT rule is when the traffic is hit with Static NAT rule and failed in policy lookup of route lookup . There is no specilized command to view failed session . Only if its...
View ArticleRe: redistributing static routes
Unfortunately changing the metric didnt work as its the route preference which determines whether its put in the forwarding table. By default ospf internal routes have preference 10 and ospf external...
View ArticleRe: VPN on SRX, can't reach protected resources
ty spuluka, but did all that allready... found out later then my coleague set up wrong GW on server... unreal. problem resolved.
View ArticleRe: redistributing static routes
Its clearer now. An internal route is one where the networks either exist in the same OSPF area or ajacent OSPF areas. An external route is a network/interface which isnt defined in an OSPF area. I...
View ArticleRe: "Request system autorecovery state save" failing trying to to create...
Hi Steve- thanks for the suggestion. I tried using the clear option first, but the subsequent save failed in the same way as before (see below). adminn@FW02> request system autorecovery state...
View ArticleRe: "Request system autorecovery state save" failing trying to to create...
Further to this, I've discovered that this device is running a very outdated 11.2R4.3. I can see JTAC recommended version for SRX210 is 12.1X46-D40.2 which I have downloaded. I'd like to know if it is...
View ArticleAutomatically set resuce config on regular basis
Dear Juniper Community, Actually running an SRX5600 cluster with Junos 12.3X48-D20. I'm looking for a command that would allow me to automatically set the rescue config on a customized regular basis....
View ArticleRe: SRX340 route is Reject
To ping interfaces you need to insure the desired protocols are enable for the zone that the interface is assigned to security > zone > security zone > NAME > host-inbound-servicesor for...
View ArticleRe: Automatically set resuce config on regular basis
Perhaps a commit script would be better than an event one. Without a configuration change there really is no need to save a new rescue configuration.
View ArticleRe: Automatically set resuce config on regular basis
Dear Steve, Any configuration templates / examples you could share ? Best regards.
View ArticleReplacing a SSG5 with SRX100H2 in branch office
We have a hub/spoke network with a SSG140 hub running ScreenOS 6.3.0r21.0 and several branches running SSG5's with no issues.We're testing a SRX100H2 JunOS 12.1X46-D40.2 due to SSG5 EOL and am having...
View ArticleRe: Automatically set resuce config on regular basis
On further thought the commit scripts intervene to change configuration before a commit is done. So we still want an event script but instead of running at a particular schedule we trigger this on...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
From the logs it looks like the SRX does not receive replies to the IKE requests but the SSG is responding. I think this might be because of the zone configuration on the SRX. You have IKE allowed at...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
thank you, i added IKE to the interface: security-zone Internet { host-inbound-traffic { system-services { ike; } } interfaces { fe-0/0/0.0 { host-inbound-traffic { system-services { https; ssh; ike; }...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
I started a kmd-logMay 22 13:10:46 Dallas_SRX kmd[1454]: IKE negotiation failed with error: SA unusable. IKE Version: 1, VPN: Colo_VPN Gateway: gw_Colo_VPN, Local: 2.2.2.2/500, Remote: 1.1.1.1/500,...
View ArticleRe: Automatically set resuce config on regular basis
Dear Steve, Both approaches are very interesting. I'll study PROs/CONs. Thank you for your feedback. Best regards.
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
I deleted the VPN monitor config and started getting 2 SA:login@Dallas_SRX> show security ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address 4733962 DOWN...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
Praying someone can help me overnite so i can get this tunnel up by tomorrow morning. Due to the syntax error, i created a new PSK and it was entered on both sides. Now the KMD Log shows this:May 22...
View Articlesite to site vpn for policy-based issue
Hello, I configure the policy-based VPN between to site A and Site B. Unfortunately, it have some issue for that. Site A' PC can ping/remote to site B' PC, but the site B' PC can't ping/remote to site...
View Article