Re: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
So, basically - SCTP FSM is broken in SRX branch and we cannot use this box for our SCTP-based applications. With all-allow policies the traffic doesn't get thru due to failing state machine/alg? Here...
Re: Configuration assistance on SRX340
Hi Jonas, Thank you for the quick reply. I went into the CLI editor on JWeb and removed the other two gateways and the brackets around them and did a commit and reboot. Still no luck. Do the brackets...
Re: Configuration assistance on SRX340
Hi Jonas, I forgot to mention I am able to ping the SRX outside interface from the outside. However, I cannot ping either of the two internal NAT'd hosts or ports. This is what the config looks like...
Allow all host hiding NAT and inbound Static / Destination NAT?
Hi, firstly, very sorry, but I'm new to SRX and will probably use non-Juniper terminology. I have a pair of SRH 100H working fine. Two zones: trust and untrust. A simple two-legged SRX with a leg in...
Re: Configuration assistance on SRX340
Have you tried telnetting to your destination nat ports? You haven't allowed icmp in the ruleset (junos-icmp-all or junos-icmp-ping) so ping will never work. At the same time you cannot use ping on...
Re: Allow all host hiding NAT and inbound Static / Destination NAT?
Check out these NAT examples. https://kb.juniper.net/library/CUSTOMERSERVICE/technotes/Junos_NAT_Examples.pdf 1- source nat interface is page 5 2- destination nat port forwarding on page 9
Re: vlan interface apparently not up without fe-0/0/x ethernet-switching...
Sam, FYI I tried that and it did not work. I wanted to put the loopback interface into family ethernet-switching, but that apparently is disallowed. So I settled for putting it in the same zone as my...
Re: Allow all host hiding NAT and inbound Static / Destination NAT?
Thanks for the reply. Because it automatically appears to do the source NAT (which I still find weird) behind the interface, I didn't realise I needed to configure it explicitly. When I did the stuff...
Re: QoS hub-spoke IPSec tunnels
Hi, If I understand correctly vlan.1000 is the WAN interface and ingress where the MF classifier is being applied. You would need the schedulers to be applied on the egress interface too [assuming...
Re: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
Hi, You're probably right. SCTP seems to be supported on the following only: SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 Would be good if there's confirmation from J-TAC or other Juniper...
Re: QoS hub-spoke IPSec tunnels
I wish we're able to apply shaping directly on the st0 interfaces... perhaps one day. But until then... https://kb.juniper.net/InfoCenter/index?page=content&id=KB30186&actp=search need to use...
Re: vlan interface apparently not up without fe-0/0/x ethernet-switching...
The correct way is to advertise lo0's address using a routing protocol so that it is reachable irrespective of the state of either your transit or revenue links. In your case it would be over the...
Trouble with policy-based vpn
Hello, I'm trying to set up a site to site policy-based vpn between a SRX240 and openswan running on a debian box. So far phase 1 and 2 seem to be established. I can ping from the linux box to the...
Re: Trouble with policy-based vpn
Hi, The SRX would be receiving a delete notification from the StrongSwan side, hence it shows the same in the output. One reason the ping is not working could be that the SRX is initiating the pings...
Re: Trouble with policy-based vpn
Hello, Thank you for your reply. It doesn't work either: root@XXX> ping 10.10.0.236 source 192.168.2.1 PING 10.10.0.236 (10.10.0.236): 56 data bytes
Re: vSRX 15.1 D50 cannot add ge- interfaces
Dear Ashok, Many thanks for replying. I followed your steps, but no interfaces appear (show interface terse)... just fxb0 so what can I do? Please find attachment. Thank you in advance.
Re: System Archival different than file copy via scp?
Hi, I used the same config and I could see system archival sent to the scp server successfully. I then tried to reproduce the problem by adding an incorrect key but the archival was still successful....
Re: Configuration assistance on SRX340
Hi Jonas, I tried to telnet to the internal servers and ports over the weekend and had no luck. I did however get Juniper to provide me with access to the latest Junos release for the SRX340. I will...
Re: vSRX 15.1 Pass-through Authentication Web Redirect Issue
@SahilSha......yes pop-up appears....for anything...telnet,ftp etc etc.. Maybe this is a bug in vSRX 15.1..as it was before this junos OS Regards.
SRX 300 - How to disable transparent mode
Previously we used SRX100 and SRX110 routers. Now we have switched to the SRX300 and there's a lot of problems getting our old configs to run on it. It seems to boil down to this new transparent mode....