Re: Trouble with policy-based vpn
Hi, When you do root@XXX> ping 10.10.0.236 source 192.168.2.1 which policy is your traffic hitting? Show security flow session destination-prefix 10.10.0.236 It should hit your VPN policy....
Re: SRX 300 - How to disable transparent mode
Hello, You need to use the command "set protocols l2-learning global-mode switching" and then commit and reboot the SRX 300 once to change it from transparent mode to the way SRX100 used to work. Also...
Re: Trouble with policy-based vpn
@anand10: No particular reason, so I removed it. Thanks for the tip
Re: Trouble with policy-based vpn
Are these logs matching the time of your testing? [Aug 7 03:08:19]KMD_INTERNAL_ERROR: kmd_show_sa_tunnel_info: 1294: sending show info for SA: INSTANCE-IPSEC-VPN_0004_0010_0000[Aug 7...
Re: PIX/ASA to Junos converter
Hello, does an updated version exist at this time?
Re: SRX 300 - How to disable transparent mode
Thanks mate, I'll give it a try tomorrow. I knew there must be a command somewhere but couldn't find it online, I think the SRX300s are very new. The online converter tool unfortunately gives the...
Site to site vpn UP 100second and down 20second all the time problem.
I have to try site_to_site vpn. Main office has a static IP and the remote office has a dynamic IP. The connection is UP 100 sec and then it goes down for about 20 sec, and UP again all the time. I am beginner in...
Re: Site to site vpn UP 100second and down 20second all the time problem.
Hi, The last tunnel down reason is seen as follows :- Last Tunnel Down Reason: VPN monitoring This means that VPN monitoring is causing your tunnel to be down when it does not get a response from the...
Re: Trouble with policy-based vpn
No, they don't particularly match. I tried to plug a laptop into the network 192.168.2.0 and I have been able to ping the server in the 10.10.0.0/16 subnet. The point is I can't ping from within the Juniper,...
Re: QoS hub-spoke IPSec tunnels
Ashvin, Unfortunately, that did not make a difference. Also, the show commands do show the appropriate scheduler map and classifier being applied to the interfaces.
Re: QoS hub-spoke IPSec tunnels
Hi samc, I had seen a few things on using virtual channels but my SE had initially thought to use the method from the original post. I had modified to use virtual channels with the following but it...
Re: System Archival different than file copy via scp?
Hi Ashvin, Thank you for your response. I'll give it a go with another setup (completely isolated from mine) and by SSH server key on the NAS. I'll report back :-) Gr, DanVer
Re: logging traffic - log server
Hi @SmartNET, I'm trying to parse my SRX Logs to my ELK Stack too. Can you provide some email or private message to help me? Are you using the patterns of Junos? Or did you write your own? Thanks in advance
SRX300 ipsec VPN to Amazon VPC without BGP = complete fail
I've spent more than a week trying to figure this out and at a total loss. I've followed all the steps provided by Amazon, used the configuration they supplied, and have no idea how to...
Re: SRX300 ipsec VPN to Amazon VPC without BGP = complete fail
Hi, Looks like we are not getting a response from the other side.
#set security ike traceoptions file test1 size 2m files 2
#set security ike traceoptions flag all
#commit
>request security ike...
Re: SRX300 ipsec VPN to Amazon VPC without BGP = complete fail
looks as if starting from the 5th packet of phase1 exchange, NAT-T is recognized: ike_send_packet: <-------- sending SA = { caca4f81 5cf535f6 - d201dbee ac425781}, len = 92, nego = -1, local ip=...
Re: Trouble with policy-based vpn
Hi, Only when you initiate an end to end ping will the traffic pass through a policy based VPN. This is because the VPN encryption domain is formed by what is specified in the policy. So both the...
Re: SRX 300 - How to disable transparent mode
Yes, that solution worked PulkitB. "set protocols l2-learning global-mode switching" got the router out of transparent mode. However, now we have another problem. We can't ping the interfaces on the...