Re: Need HELP! SRX cluster with BGP
Thank you for your response. I can get over a drawing. I agree one Reth would be better, but whenever we try that we run into an issue. With one Reth I need both Internet feeds whether from the...
Re: Remote web proxy with local IP address, FBF via tunnel?
Hi, If this is an MPLS domain you manage, you could create another vrf and FBF the traffic on that vrf in a hub-and-spoke design with the hub vrf exporting 2 different route-targets. Cheers, Ashvin
New install - Testing worked, implementation broke
I've been configuring an SRX-300 the past couple weeks - first time setting one up from scratch. We have a /29 from Comcast and currently use two of the addresses in production. Our internal network is...
Re: New install - Testing worked, implementation broke
Hi, you should just configure both external IPs with the /29 instead of /32 - if you use the /32 mask, then the next-hop for your Comcast connection isn't reachable. Your interface should look something...
Re: Remote web proxy with local IP address, FBF via tunnel?
Hi Ashvin0, Thanks for your reply. Unfortunately, this MPLS is a managed service and I guess they will not be very happy creating this workaround for us...
Re: New install - Testing worked, implementation broke
I don't think I should accept the solution until I test it, but I am sure you know a lot more than me and are correct. At least I know I am not a complete fool, just mostly a fool. Once I saw the /32 I...
Re: IPSec Tunnel on linux
Openswan is a package that supports Ubuntu for site-to-site IPsec VPN. https://www.openswan.org/
Re: Filter ICMP Packets
Hey guys, I'm back. I got the solution to this case. The problem was the reply and ICMP session. I did the command "set security flow sync-icmp-session" because this command does not inspect the reply,...
SRX Dual-ISP Issue
Hi guys, I am facing an issue between a branch and HQ. At the branch we have an SRX 300 with 2 ISPs; both are MPLS, so the internet is accessed only from the HQ. We created some rib groups to fail over between...
Re: SRX Dual-ISP Issue
Hi, From the traceroute, it looks like traffic is hitting VR ISP1 [192.168.13.1] and then looping, probably due to the default route. Do you have a route for 10.13.0.1 on ISP1.inet.0 or ISP2.inet.0 show...
Re: SRX Dual-ISP Issue
Hi AshvinO, ge-0/0/0.0 is under inet.0. I don't have any route under ISP1 and ISP2 except 0.0.0.0/0. I am also thinking about creating a route to 10.13.0.0/20 under both VRs redirecting to the inet.0 table,...
Re: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
Hi, Is there any chance traffic is being load balanced and some return packets for that session are asymmetric: Aug 1 11:56:07 11:56:06.291369:CID-1:RT:Conflict session (365626) is VALID state Aug 1...
Re: SRX Dual-ISP Issue
Hi, That would probably work for the inbound traffic. You could use rib-groups as well to export the interface route from inet.0 to ISP1 & ISP2. How about the outbound traffic from interface...
quality of service for beginner
Hello guys, I need help. I've a customer with an srx220h and an internet connection via satellite of 6mps. This customer has 5-6 VPNs with branch offices in a hub-and-spoke topology; this srx220h is the...
Re: quality of service for beginner
Hi, You could use a policer to rate limit http traffic. Example: firewall { family inet { filter HTTP { term HTTP { from { port [ http https ]; } then { policer HTTP; count HTTP; accept; } } term ELSE...
Re: quality of service for beginner
Hello Ashvin, thanks for your kind reply. I put the policer in outbound and it seems to work. I'll ask you a question if I can: how is it possible that there is a match in "inbound" traffic? Because I think...
SRX VPN
Need assistance...not a "Juniper guy". We have a site with an SRX100 that lost its config. This site connects with another site via VPN (SRX240) firewall, which I have access to. I can ping the VPN...
Re: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
Hi, No, there is no ECMP or asynchronous routing: two zones, one interface per zone (one interface is a tunnel). Both sides continuously trying to open the connection to each other (sending INIT)...
Re: SRX VPN
Hi, On the SRX 240, check the ike gateway using the command: show security ike and find out the gateway corresponding to the SRX100 site. It would have an "address" which you have to configure on...
Re: SRX Dual-ISP Issue
I am thinking about creating a new static route inside the VRs to route to the LAN. What do you think about it? Any suggestions?