Re: How often are domain names updated in address book?
Hi Every DNS record has its time to live (TTL) and SRX was using this time as an update period when I tested it some time ago.
View ArticleRe: SRX doesn't resolve internet domain names
Hi You need to provide more details, maybe your full configuration except passwords and public IPs. I have no problem pinging to www.juniper.net from my SRXs. DNS is also 8.8.8.8. Maybe DNS requests...
View ArticleRe: srx web application where to start
Hi Sounds like you want to develop an automation script! The best way to start IMHO is to read the book "Automating Junos Administration" (recently...
View ArticleRe: address/address-set under nat destination
Hi, Thnak you very much for your reply!Can you please give me more info about that? Why this is necessary? I would like to understand that!Thanks!
View ArticleRe: srx web application where to start
Hi pk I am refering to the default web interface to manage SRX, for whatever reason our SRX are currently managed via cmd line. thanks for the suggestion, I think starting with CLI then a webfront end...
View ArticleRe: IPsec Phase II SA active but not Phase I SA
Hi Phase 1 (IKE) SAs have typically a smaller lifetime than Phase II (IPSEC) SAs, but only when the phase II is renegotiated or dropped and built up the Phase-1 will be needed and reestablished So...
View ArticleRe: IPsec Phase II SA active but not Phase I SA
Hi, The Phase 1 and Phase 2 have different lifetimes.When the Phase 1 lifetime expires, re-negotiation for Phase 1 is initiated automatically.In you situation, it is possible that the renegotiation for...
View ArticleRe: SRX doesn't resolve internet domain names
Hi, Please check if you have any firewall filters blockign DNS on your Loopback or External interface. Regards,Sahil Sharma---------------------------------------------------Please mark my solution as...
View ArticleRe: address/address-set under nat destination
Hi, Suppose your internal Server IP address is 192.168.1.10 and you have a public IP from the ISP, suppose 9.9.9.9. You want to host various applications on the internal server working on different...
View ArticleRe: SRX 110 - SIP call cannot resume from on-hold
Hi, When i have sip alg set to disabled, all my extensions work and the ONLY problem is that on hold issue. -- Understood when i enter the "set security alg sip retain-hold-resources" command with sip...
View ArticleRe: AX411 not working with 12.1X46-D52.1
I gave up unfortunately, just unplugged the AX411 and am back to wired only.
View ArticleRe: SRX 110 - SIP call cannot resume from on-hold
sahilsha, Thanks for your reply. I cannot view the bug link. It comes out as null. I will try and perform an upgrade when i have downtime and see if it works. However, i am on the JTAC recommended...
View ArticleClik here to view.
Re: IPsec Phase II SA active but not Phase I SA
Hello, IMO it is possible in scenarios where the phase 1 SA has timed out but the phase 2 SA are still active and running. In such situations the phase 1 negotiation will not start untill DPD or phase...
View ArticleRe: SRX 110 - SIP call cannot resume from on-hold
Hi, The version you are running is affected by this PR.Moreover, the recommended versions have been updated recently, please go through the following link...
View ArticleSRX300 and dynamic VPN not supported
I was setting up a dynamic vpn on the new SRX300 running JunOS 15.x code and was getting authentication errors and was told by tech support that its not supported. Anyone have a different experience?
View Articlejuniper srx SSL cert update
Hello, I would like tu update my selt signet certificate. What I did: request security pki generate-key-pair certificate-id test-gw-2016 size 2048 request security pki generate-certificate-request...
View ArticleRe: srx340 as a switch and gateway router
not to mention remote access VPNs also arent supported yet, just had this issue last night and confirmed with JTAC.
View ArticleRe: SRX300 and dynamic VPN not supported
Hi Dynamic VPN is not supported on new SRX boxes (such as SRX300).
View ArticleFirewall conversion
Hello, I want to know if it is possible to convert our Firewall ASA 5540 configuration file to Juniper SRX 5400. If this is how is it done for the conversion?As part of this move, The SRX 5400...
View ArticleRe: IPsec Phase II SA active but not Phase I SA
Hmm, my understanding is when Phase I life time expires or Phase II re-negotiates, phase I re-negotiation process will be triggered, my phase I life-time is 8 hours, phase II life-time is 1 hour, but I...
View Article