Hi,
Our office internet has been very unstable for the past few days. In the past the internet went down and up, but once the internet came back up, our SRX100 had a connection as well. Our SRX has been working fine for almost 4 years without a problem with the same configuration, updating Junos OS when necessary. The last update was over a year ago. But now I am encountering a very weird problem with our SRX100: at random it loses connection to the internet even when there is an internet connection. I checked the logs but no error messages are displayed. What's most odd is that I can still ping the ISP's gateway, but nothing beyond that (e.g. 8.8.8.8).
Only by requesting a system reboot are we able to access the internet again, but randomly (anywhere from 1 hour to 6 hours) it will lose connection again and require another reboot. Our modem status indicates there is an internet connection, and we can access the internet when we connect a PC directly to the modem. I have tried power-cycling our modem, but it does not change the fact that the SRX can't reach outside. Only rebooting the SRX fixes this issue.
I get this error message when I try to ping Google's DNS after losing internet connection on our SRX:
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
show route 0
0.0.0.0/0 *[Access-internal/12] 11:25:34
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 06:33:58
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 06:33:58
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 05:39:27
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 05:39:27
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 04:47:02
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 04:47:02
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 03:53:30
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 03:53:30
> to XXX.XXX.XXX.97 via fe-0/0/0.0
[Access-internal/12] 03:00:08
> to XXX.XXX.XXX.97 via fe-0/0/0.0
Our ISP provides our office with a dynamic IP, so I have the untrust interface set up as DHCP. When we lose connection I am still able to get an IP address through DHCP, and I am able to release and renew on fe-0/0/0.0, but I am unable to gain access to the internet even after renewing the IP. Restarting the DHCP process does not bring back the internet on the SRX.
show system services dhcp client
Logical Interface name fe-0/0/0.0
Hardware address XX:XX:XX:XX:XX:XX
Client status bound
Address obtained XXX.XXX.XXX.98
Update server disabled
Lease obtained at 2017-07-24 13:54:13 UTC
Lease expires at 2017-07-24 14:50:54 UTC
DHCP options:
Name: server-identifier, Value: XXX.XXX.XXX.1
Code: 1, Type: ip-address, Value: 255.255.255.224
Name: router, Value: [ XXX.XXX.XXX.97 ]
Name: name-server, Value: [ 208.67.222.222, 208.67.220.220 ]
show system services dhcp statistics
Packets dropped:
Total 0
Messages received:
BOOTREQUEST 0
DHCPDECLINE 0
DHCPDISCOVER 36
DHCPINFORM 448
DHCPRELEASE 0
DHCPREQUEST 96
Messages sent:
BOOTREPLY 0
DHCPOFFER 36
DHCPACK 518
DHCPNAK 0
I also tried troubleshooting the following but the problem still occurs:
1) Changing the interface that connects to the modem from fe-0/0/0 to fe-0/0/1 or fe-0/0/2, but regardless we still get the same problem.
2) Setting up fe-0/0/0.0 with a static IP and static route; we get a connection at first but eventually the problem comes back.
3) request system storage cleanup
4) Updating the Junos OS to the latest version (12.3X48-D50.6)
5) Zeroized the SRX and did a factory reset; the problem still occurred using the factory default configuration.
The SRX is currently using this configuration which is the factory default configuration:
set version 12.3X48-D50.6
set system name-server 208.67.222.222
set system name-server 208.67.220.220
set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp propagate-settings fe-0/0/0.0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services tftp
set interfaces fe-0/0/0 unit 0 family inet dhcp
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set protocols stp
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0
SRX losing internet connection at random