I am in the process of configuring SRX100 for one of my clients and I am experiencing intermittent Internet connectivity issue. Here is my setup so far:
BT ADSL line:
BT Home Hub 3 – Hub is configured with public IP address of xyz.36.246.89/29 and it handles authentication. Internal LAN1 interface assigned with 192.168.0.2 address. Then LAN1 interface of the hub is connected to fe-0/0/0 interface of SRX100. I thought it will be simpler to leave BT to handle authentication because BT support tend to be fussy when you call them asking to check the line or the router in the event of Internet connectivity problems. They refuse to touch the router if it’s not their product hence having SRX100 as a router may cause problems in future while calling BT support for assistance. If there are any security concerns arising from having BT Hub 3 handling the authentication and SRX10 acting as firewall (as opposed to having only SRX100 acting as router and firewall) please let me know.
SRX100 – fe-0/0/0 interface is assigned with xyz.36.246.90/29 ip address and fe-0/0/1 is assigned with 192.168.0.1 address. And I have static route added as below:
routing-options {
static {
route 0.0.0.0/0 {
next-hop xyz.36.246.89;
metric 1;
Full SRX100 configuration file attached.
The SRX100 seems to be connected to internet and the traffic flows but when pinging any internet address from my LAN I am receiving response for 20 seconds and then pings drops for a minute or two and then it comes back online again and so on. When I connect my laptop directly to BT Hub the Internet connection is stable which makes me think that problem is with SRX100 configuration. Here is the outcome of my troubleshooting so far:
show interfaces fe-0/0/0
Physical interface: fe-0/0/0, Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 508
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Disabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
CoS queues : 8 supported, 8 maximum usable queues
Current address: cc:e1:7f:b3:ba:xyz, Hardware address: cc:e1:7f:b3:ba:xyz
Last flapped : 2016-02-17 14:13:33 GMT (00:01:35 ago)
Input rate : 712 bps (1 pps)
Output rate : 2440 bps (4 pps)
Active alarms : None
Active defects : None
Interface transmit statistics: Disabled
Logical interface fe-0/0/0.0 (Index 71) (SNMP ifIndex 511)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Input packets : 542
Output packets: 442
Security: Zone: Internet
Allowed host-inbound traffic : dhcp tftp http https ike ssh
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: xyz.36.246.88/29, Local: xyz.36.246.90,
Broadcast: xyz.36.246.95
@SRX100 > show route 8.8.8.8
inet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:02:10, metric 1
> to xyz.36.246.89 via fe-0/0/0.0
@SRX100> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
@SRX100> ping xyz.36.246.89
PING xyz.36.246.89 (xyz.36.246.89): 56 data bytes
^C
--- xyz.36.246.89 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
@SRX100> ping xyz.36.246.90
PING xyz.36.246.90 (xyz.36.246.90): 56 data bytes
64 bytes from xyz.36.246.90: icmp_seq=0 ttl=64 time=1.618 ms
64 bytes from xyz.36.246.90: icmp_seq=1 ttl=64 time=0.389 ms
64 bytes from xyz.36.246.90: icmp_seq=2 ttl=64 time=0.367 ms
64 bytes from xyz.36.246.90: icmp_seq=3 ttl=64 time=0.367 ms
64 bytes from xyz.36.246.90: icmp_seq=4 ttl=64 time=0.365 ms
64 bytes from xyz.36.246.90: icmp_seq=5 ttl=64 time=0.369 ms
64 bytes from xyz.36.246.90: icmp_seq=6 ttl=64 time=0.361 ms
^C
--- xyz.36.246.90 ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.361/0.548/1.618/0.437 ms
@SRX100> ping www.google.com
^C
@SRX100> ping xyz.36.246.88
PING xyz.36.246.88 (xyz.36.246.88): 56 data bytes
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
^C
--- xyz.36.246.88 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
@SRX100> ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2): 56 data bytes
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
@SRX100> ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=64 time=1.776 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=1.129 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.346 ms
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.346/1.084/1.776/0.585 ms
@SRX100> traceroute xyz.36.246.90
traceroute to xyz.36.246.90 (xyz.36.246.90), 30 hops max, 40 byte packets
1 xyz.36.246.90 (xyz.36.246.90) 7.469 ms 1.504 ms 1.400 ms
@SRX100> traceroute www.google.com
^C
@SRX100> traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 *^C
Your help will be very much appreciated.