Issues W/ Multiple Interfaces on Single IRB / VLAN
Hello all, I am having some issues with my srx345 running JUNOS 15.1X49-D75.5. I am attempting to have a single VLAN (assigned to an IRB) be switched through multiple physical interfaces.Unfortunately,...
View ArticleMessages from syslogd
I am running JUNOS Software Release [15.1X49-D80.4] Bios Version 3.1. on a new SRX300. The l2-learning global-mode is set to switching.time-zone is set to Europe/London (no thanks to the J-web...
View ArticleIDP packet-log - Log director or STRM?
Hi folks, Can anyone tell me if STRM is required to read the packet-log stream coming from IDP or can I use log director in JUNOS space? Also, does anyone have any real world performance stats on using...
View ArticleOne node SRX240H chassis cluster powered off
Hi, here at the office we have a cluster with two SRX240H (node0, node1) v. 12.1X44-D60.2, by mistake one of the nodes (node1) was powered off and some changes where made and committed to the active...
View ArticleDynamic VPN - Cannot access protected resources
Hello, I think I may be missing something here, I have gone over the documentation for the dynamic vpn and am able to connect with the pulse client, however I cannot access any protected resources I...
View ArticleBroken pipe after 10 Seconds
Hi there, I have a SRX240H2 which is connected to the internet. Behind this is one ethernet port with 3 internal VLANs (VLAN1,VLAN2,VLAN3) and one ethernet port without vlan taging which serves public...
View ArticleTraffic not encrypted/sent with overlapping traffic selectors
Hi, I have a situation that I have to configure a VPN tunnel with the following overlapping traffic selectors (or overlapping crypto ACLs in Cisco's term) to accommodate other side. Basically partner...
View ArticleFilter at lo0 for SSH and NTP
I'm sure this is easy and something simple is being missed. Heck, if I had a test environment (or tested better before installation) this would be solved. The below configuration is a active/passive...
View ArticleGRE over IPSEC
when using GRE over IPSEC and want to use loopback address as the tunnel endpoint, why it is a must to make st0 unnumbered ??? i though that all st0 interfaces should have an ip address and be in the...
View ArticleNon-SRX VPN Setup - passthrough/NAT to VPN Box Problems
Hello, I have a VPN box on a separate VLAN that you can see in my config that I attached connected to an openvpn box that is dedicated for this. It is listening on the right port, I have the config...
View ArticleJ-Flow v9 with two external flow collectors on SRX
Hi all, I have configured J-Flow v9 on SRX according to this KB. I want to direct J-Flow traffic to 2 external collectors. I have tried 2 external collectors under the same instance - instance1: set...
View ArticleAny way to get a SRX300 to handle a dynamic list of IPs
For me, my most heavily used IP addresses are those associated with MS hosted Exchange, Azure, and Office 365, including OneDrive, Outlook, Sharepoint and Skype. The list of valid IPs changes monthly,...
View ArticleIKE negotiation failed with error: IKE gateway configuration lookup failed...
Hi All, In attempting to bring up a site-to-site VPN between a Juniper SRX 240H2 and a Cisco ASA5505, I am receiving the following error repeatedly:...
View Articlereplacement for srx100 and srx110
With the SRX100 and 110 reaching end of life what is the next option for replacing the srx 100? We liked the smaller 100 for use within atms.
View ArticleNatting from a routing instance to global instance in a chassis cluster??
Hi guys, Got 2 SRX boxes in chassis cluster.. reth0.0 - Internet, reth1.0 Internal.reth0.0 is in global instance and reth1.0 is in a routing instance. Source-natted out-going traffic from reth1.0 to...
View ArticleVPN Hub and Spoke with IP Dynamic tunnel up but can not ping
Hi all,I'm deploying VPN site to site between Main Office with branches by SRX devices. SRX Branches are behind NAT device. Main Office has IP static public, branches have dynamic IP (use noip). So, I...
View ArticleSRX210 in band managment in trunk mode
Hello all, I need your help to enable this scenario as attached, using ge0/0 in trunk mode with vlan20 "in band mamagment" and vlan90 "traffic data". Fa2 to LAN. what do i need to config to stablished...
View ArticleSecondary Index Corrupt
Hi: Can anyone help with this problem. I have searched and found nothing. When I commit a new configuration on an SRX210H running Junos 12.1X46-D65.4 I get the message "Secondary index corrupt: not...
View Articlepolicy based VPN
when studing policy based VPN it says that when a traffic match a policy a new tunnel is generated because each tunnel has its own negotiation process and SA ...would someone please explain what does...
View Article