Re: site to site vpn for policy-based issue
Hi,Can you please cross check that the destination port on which traffic has been sent is 23234 ( I believe it should be a well know port like 80,443 , 22 etc depending upon your application) , unless...
View ArticleRe: pppoe VPN Site-to-Site VSRX problem in configuration
Hi, It is mandatory tyop have one end as static so that the remote end could initiate the ike negotiation to the static end. Imagine the suituation when both the ends are dymamic and are not aware of...
View ArticleRe: pppoe VPN Site-to-Site VSRX problem in configuration
Hello again hemants, I get it! So the general concept is the stabilization and not the technical parameter* behind it...We have very stable internet...so imagine that if I didnt reboot the xDSL router...
View ArticleSRX300 usb serial console driver - which one?
Hi, anyone in here who knows which (Windows) driver there should be installed to use the USB serial console port on the new SRX300 gateways? I'm not able to find information about which chipset that...
View ArticleRe: pppoe VPN Site-to-Site VSRX problem in configuration
Hi pilivazili, So if the ip remains static and doesn't chnage we should be ok.And if you still see the VPn to be down , can you please attach the ike debug taken at the SRX end when acting as responder...
View ArticleRe: site to site vpn for policy-based issue
Hi Hemant, Sorry for late reply, I have no way to solve the issue. I upload the site B configure. Would you like to help me verify the setting ? Many thanks!!! Best regards,THE-O
View ArticleDual ISP SRX, two Virtual Routers
I am hoping to get assistance on something I've seen multiple good replies to. Namely the non-bgp dual ISP SRX connection. My additional requirements are that I need static Nat pools to the same device...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
Thank you sir! Will hopefully be able to try sometime this week as remote resources allow.
View ArticleClik here to view.
Re: site to site vpn for policy-based issue
Hello, In the attached configuration from site B I do not see the any policies from zone internal to zone internet which is calling the VPN MM_MCO_VPN. As you have the policy from zone internet to...
View ArticleClik here to view.
Re: SRX300 usb serial console driver - which one?
Hello, Please check if the USB console driver available on the below link works for you. http://www.juniper.net/support/downloads/?p=srx550#sw Please follow the below link to set this up....
View ArticleRe: SRX340 route is Reject
Thanks for your reply Steve. As fas as I understand it, the zone is configured: security-zone INBMGT { description "INBMGT zone"; interfaces { irb.71 { host-inbound-traffic { system-services { all; } }...
View ArticleRe: SRX300 usb serial console driver - which one?
Hi Pulkit, Thanks for the pointer! Technically the driver works BUT: it is so old that Windows 10 rejects the driver installation due to missing signing. I have to reboot and select some special...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
thanks but did not work. same error in the KMD log as before:IKE negotiation failed with error: Authentication failed. However the SSG140 says:2016-05-24 12:16:36 info IKE 2.2.2.2 Phase 2: Initiated...
View ArticleRe: SRX340 route is Reject
Hi Bern, Which version of Junos are you running? You should go for at least 15.1X49-D45 and if you are using irb-interfaces then add "set protocols l2-learning global-mode switching" Read this...
View ArticleRe: SRX340 route is Reject
Thanks Jonas, That fixed the problem. I had 15.1X49-D40.6 running as recommended by Juniper: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21476&actp=search I upgraded to D45 and...
View ArticleClik here to view.
Connectivity Between 2 SRX
Hi, I have connected 2SRX diectly but not able to establish connectivity.Please find the below configuration interfaces { ge-0/0/0 { unit 0 { family inet { address 1.1.1.1/30; } } } ge-0/0/1 { unit 0 {...
View ArticleRe: Replacing a SSG5 with SRX100H2 in branch office
attached is full KMD log from around the time i switched back to PFE Group2. I also tried removing Proxy/remote id from SRX P2 but dont recall if it was in this capture.
View ArticleRe: Connectivity Between 2 SRX
Hello , Can you specify is it the normal L3 connection that you are setiing UP or VPN between the SRX ? If its normal L3 connectivity , please check for routes are the direct routes gettig populated on...
View ArticleIs the zone vpn a must for Route-based VPN?
Hi Experts, I am refering to the below link for route-based VPN. I see besides trust/untrust zone, another zone vpn-chicago is created. And the policy is between trust zone and vpn-chicago zone. But...
View ArticleSRX100 ARP cache problem
Hello, I have a ppp connection to the ISP through ADSL, and need ARP entries to be seen even if cached for a very short time. But I can only see static route's MAC through my pp0 interface in untrust...
View Article