Deal All,
I tried to configure srx240 to DIA circuit ISP with static IPs but faild. The srx is configured with the below configuration:
set version 12.1X44-D35.5 set system host-name SRX240STV set system time-zone MET set system root-authentication encrypted-password "$1$WZ9iX6Mv$/PPfq6cuHFigpqD2dfK6.." set system name-server 10.1.1.90 set system name-server 10.1.1.94 set system name-server 208.67.222.222 set system name-server 208.67.220.220 set system name-resolution no-resolve-on-input set system services ssh protocol-version v2 set system services telnet set system services netconf ssh set system services web-management http interface ge-0/0/1.0 set system services web-management https system-generated-certificate set system services web-management https interface ge-0/0/1.0 set system services web-management session idle-timeout 60 set system syslog archive size 100k set system syslog archive files 3 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set system ntp server us.ntp.pool.org set interfaces ge-0/0/1 unit 0 family inet address 192.168.34.100/24 set interfaces ge-0/0/2 unit 0 family inet address 10.110.4.3/22 set interfaces ge-0/0/3 unit 0 family inet address 192.168.1.10/24 set routing-options static route 192.168.150.0/24 next-hop 192.168.34.1 set routing-options static route 0.0.0.0/0 next-hop 10.110.4.1 set protocols stp set security address-book global address inews-a 192.168.34.61/32 set security address-book global address server1 192.168.3.155/32 set security nat source rule-set nsw_srcnat from zone STV1 set security nat source rule-set nsw_srcnat to zone Internet set security nat source rule-set nsw_srcnat rule nsw-src-interface match source-address 0.0.0.0/0 set security nat source rule-set nsw_srcnat rule nsw-src-interface match destination-address 0.0.0.0/0 set security nat source rule-set nsw_srcnat rule nsw-src-interface then source-nat interface set security nat source rule-set nsw_srcnat1 from zone Internet set security nat source rule-set nsw_srcnat1 to zone STV1 set security nat source rule-set nsw_srcnat1 rule nsw_srcnat1 match source-address-name inews-a set security nat source rule-set nsw_srcnat1 rule nsw_srcnat1 then source-nat off set security nat destination pool 192_168_34_100_ address 192.168.34.100/32 set security nat destination rule-set nsw_destnat from zone Internet set security nat destination rule-set nsw_destnat rule 0_Default--Internal_ match source-address 0.0.0.0/0 set security nat destination rule-set nsw_destnat rule 0_Default--Internal_ match destination-address 10.110.4.3/32 set security nat destination rule-set nsw_destnat rule 0_Default--Internal_ then destination-nat pool 192_168_34_100_ set security nat destination rule-set nsw_dest from zone STV1 set security nat destination rule-set nsw_dest rule int match destination-address 192.168.34.61/32 set security nat destination rule-set nsw_dest rule int then destination-nat off set security nat static rule-set inews from zone Internet set security nat static rule-set inews rule r1 match destination-address 10.110.4.5/32 set security nat static rule-set inews rule r1 then static-nat prefix 192.168.34.61/32 set security nat static rule-set inews rule r2 match destination-address 10.110.4.6/32 set security nat static rule-set inews rule r2 then static-nat prefix 192.168.34.62/32 set security policies from-zone STV1 to-zone Internet policy All_Internet_STV1 match source-address any set security policies from-zone STV1 to-zone Internet policy All_Internet_STV1 match destination-address any set security policies from-zone STV1 to-zone Internet policy All_Internet_STV1 match application any set security policies from-zone STV1 to-zone Internet policy All_Internet_STV1 then permit set security policies from-zone STV1 to-zone Internet policy permit-all match source-address inews-a set security policies from-zone STV1 to-zone Internet policy permit-all match destination-address any set security policies from-zone STV1 to-zone Internet policy permit-all match application any set security policies from-zone STV1 to-zone Internet policy permit-all then permit set security policies from-zone Internet to-zone STV1 policy All_Internet_STV1 match source-address any set security policies from-zone Internet to-zone STV1 policy All_Internet_STV1 match destination-address any set security policies from-zone Internet to-zone STV1 policy All_Internet_STV1 match application any set security policies from-zone Internet to-zone STV1 policy All_Internet_STV1 then permit set security policies from-zone Internet to-zone STV1 policy server-access match source-address any set security policies from-zone Internet to-zone STV1 policy server-access match destination-address inews-a set security policies from-zone Internet to-zone STV1 policy server-access match application any set security policies from-zone Internet to-zone STV1 policy server-access then permit set security zones security-zone STV1 interfaces ge-0/0/1.0 host-inbound-traffic system-services ping set security zones security-zone STV1 interfaces ge-0/0/1.0 host-inbound-traffic system-services http set security zones security-zone STV1 interfaces ge-0/0/1.0 host-inbound-traffic system-services https set security zones security-zone STV1 interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh set security zones security-zone STV1 interfaces ge-0/0/1.0 host-inbound-traffic system-services telnet set security zones security-zone Internet interfaces ge-0/0/2.0 host-inbound-traffic system-services ping
I want to connect the new internet circuit to srx240 ge-0/0/0 then connect ge-0/0/3 to my switch to distribute the internet.
First of all, I configured the check the internet on srx but the gateway 10.0.0.5 is not pingable.
root@SRX240STV# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.6/30 root@SRX240STV# set routing-options static route 0.0.0.0/0 next-hop 10.0.0.5 root@SRX240STV# set system name-server 84.235.6.55
Your support and suggestions are highly appreciated