Re: site to site vpn for policy-based issue
Hello, Please confirm if you have the security policies configured on site B and site A SRX firewall to allow the traffic initiated from site B to site A. if not then please configure the security...
View ArticleRe: site to site vpn for policy-based issue
Hello, I confirmed the security policies on both SRX. But it doesn't work. Do I need to configure NAT ?
View ArticleRe: site to site vpn for policy-based issue
Hi , Can you apply flow trace on the site B srx and check if the correct security policy ( which has the ipsec-vpn called) is being used to allow the traffic. If some other security policy is being...
View ArticleRe: site to site vpn for policy-based issue
just one VPN connect to SITE A. and site B no any configure to NAT
View ArticleSRX NAT internal routing issue side effect.
A few weeks ago, I posted an issue whereby internal users in the trust zone couldn't access servers also in the trust zone that had static NAT set up in the untrust zone using public url or ip address....
View ArticleRe: SRX 110 ADSL Configuration (Australia)
Kol wrote:Hi Brzxc, I had the same issue, fixed by increasing the MTU of the ATM interface: set interfaces at-1/0/0 mtu 1540I believe the MTU setting under a physical interface on Juniper is the total,...
View ArticleRe: site to site vpn for policy-based issue
Hi, Can you paste the config from both sites to the post.Also can you run the flow traceoption from site B to site A and attach it to the post.Please paste the output of the below command too: >show...
View ArticleRe: pppoe VPN Site-to-Site VSRX problem in configuration
Hello again....as I see there is no interest of this...maybe I should post more clues! Please take a look: This is the result of my new configuration show configuration version 15.1X49-D40.6;system {...
View ArticleRe: pppoe VPN Site-to-Site VSRX problem in configuration
Hi, Few queries to clarify the details: # As per your first post , both ends are v.SRX2.0 , and has public ip address. So does both the end have a pp0.0 interface to communicate to the internet?# Are...
View ArticleRe: SRX won't boot and won't start "loader.
Second device dosn't see any usb devices and when we test a voltage using electric meter on usb port there is nothing from start SRX to shutdown. This device is dead and there is nothing that we can...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
well we reverted back to the SSG5 and once i updated it to the new PSK, it connects right up. I will likely try this again this weekend, so if anyone can provide some helps/tips it would be GREATLY...
View ArticleI am unable to download software for SRX100
I am unable to download software for SRX100 I receive the error message You have encountered this error because your account privaleges do not permit access to the information of the service you...
View ArticleRe: I am unable to download software for SRX100
Hi,Your account isn't set up with the right security role. Please contact our customer-care team:http://www.juniper.net/support/requesting-support.htmland they'll get you set up.
View ArticleSRX cluster running two different versions of Junos. Easy fix?
I have an issue with our SRX240 firewall cluster. Due to oversight in the upgrade process, our secondary node was left running JUNOS 11, and our primary running 12.1X46-D40.2. I have a remote console...
View ArticleRe: pppoe VPN Site-to-Site VSRX problem in configuration
hemants thank you for reply, I am sorry that I was not so clear. Here is the reply to your questions #Both ends are vSRX and have public IP addresses which they take it through pp0.0 in order to...
View ArticleRe: SRX won't boot and won't start "loader.
Were you able to confirm or reformat the USB drives using fat32 format? Also instead of TFTP you can try the USB install, for this you don't need to boot to USB only have the install file on the USB...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
Looking closer at the two configurations, I think you have PFS enabled on the SRX but not on the SSG. Please try removing PFS from this policy. policy ipsec_pol_Colo_VPN { perfect-forward-secrecy {...
View ArticleRe: SRX cluster running two different versions of Junos. Easy fix?
Hi milkman, This should be easy .Just follow the steps that you have already mentioned.However, I would advise you to have a Maintenance Window scheduled in a worst case scenario.
View ArticleRe: SRX NAT internal routing issue side effect.
Hello Aaron , I have seen a similar case when using Static NAT , but once I changed to Destination NAT , it worked perfrectly . It may be an issue with DNS and static NAT . Can you try changing this to...
View ArticleRe: site to site vpn for policy-based issue
Hi, According to your command, I tired this: >show security match-policies from-zone internal to-zone internet source-ip 192.168.8.1 destination-ip 172.25.10.1 protocol tcp source-port 23234...
View Article