Re: Training / Troubleshooting: L2Circuit via Access Ports
Hello,To do any kind of MPLS on SRX You need to put them in packet mode first:https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461HTHThxAlex
View ArticleRe: 802.1p and MPLS EXP CoS Rewrite on SRX300/SRX1500
Hi, I assume rewrite-rules [remarking] are part of standard CoS configuration options as it is an essential building block for E2E QoS in a network. Cheers,Ashvin
View ArticleRe: SRX240 dual ISP
No, you associate interfaces or sub-interfaces with the VR. So if the ips were in ranges that could be associated with a subnet on an interface, then yes. Otherwise you need to use the filter based...
View ArticleSRX IDP Local Updates
Please do not post the link to the PDF for doing offline security package updates. Already have that and managed to manually download the files. The issue now is that it becomes a completely manual...
View Articlelt-0/0/0 interface on SRX345 cluster
Hello everyone. I'm configuring a new SRX345 cluster running 15.1X49-D50.3. I'm trying to use an lt-0/0/0 interface so that I can bring up OSPF between my master routing instance and my MPLS routing...
View ArticleClik here to view.
Re: lt-0/0/0 interface on SRX345 cluster
Just found this Juniper KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB28204&actp=RSS Quote, "As of Junos 12.1X45, logical tunnel (lt-0/0/0) interfaces are supported on Branch...
View ArticleRe: lt-0/0/0 interface on SRX345 cluster
Hi lt-interfaces are not supported in branch SRX clusters (they are only supported in standalone mode), seehttps://kb.juniper.net/InfoCenter/index?page=content&id=KB28204&actp=search
View ArticleRe: IGMP Issue
Just wanted to give a quick update on my thoughts. From what i've been trying it looks like i have to enable the 232.0.0.0/8 range as SSM but i cannot find where i should do it. Is there any simple way...
View ArticleRe: SRX240 dual ISP
Hi Steve, See diagram and config of what im working on. Its still not working Kindly help review Sam
View Articlevpn connection behind a nat device
Hi Juniper experts, we really need your help as this has been ongoing now for 2 weeks. we have configured another vpn on our srx firewall, phase 1 and 2 are up but host to host connection is not...
View ArticleRe: SRX110 VLAN & Wireless
I suspect the missing "services/dhcp-local-server/group" entries might be a problem <g>
View ArticleRe: lt-0/0/0 interface on SRX345 cluster
Hi, Just wandering if you need tunnel services enabled:[edit chassis]root@MX# show fpc 0 { pic 0 { tunnel-services { bandwidth 1g; } } }Not sure if this is required on SRX.On MX if tunnel-services is...
View ArticleRe: vpn connection behind a nat device
The vpn connecting with either 500 or 4500 only affects the communications for the IPSEC traffic itself and not the encapsulated tunnel. So I don't believe this is related to your issue. Typically a...
View ArticleRe: lt-0/0/0 interface on SRX345 cluster
That configuration is not required on the SRX. Pretty sure the issue is the lack of support for the feature in clusters on the SRX branch as noted above. SRX Logical Tunnel...
View ArticleRe: No ping Proxy-ARP from LAN/DMZ
Hello, I checked this link https://kb.juniper.net/InfoCenter/index?page=content&id=KB21785&actp=search and now i have more details for this problem :>show security nat proxy-arp interface...
View ArticleRe: No ping Proxy-ARP from LAN/DMZ
Hi, Are you able to ping that IP address from the next-hop ? Regards,Sahil Sharma---------------------------------------------------Please mark my solution as accepted if it helped, Kudos are...
View ArticleRe: vpn connection behind a nat device
Hi, Please apply security flow traceoptions for the traffic which is not working and provide the output.Config example for the flow traceoptions is available in the link below...
View ArticleRe: No ping Proxy-ARP from LAN/DMZ
Hi ! Yes i can ping IPs (in proxy-arp) from Internet. Thanks.Charlie
View ArticleRe: No ping Proxy-ARP from LAN/DMZ
Hi, Those IP addresses are in the same /29 range as on the SRX interface. I believe that is the reason you are not able to ping them from the SRX itself. This should not impact on any access to those...
View Article