Setting up PPPoE with username and password
hello im now to the fourms so excuse me if my information is wrong or i sound 'dumb' ive recently got my hands on a SRX210-HM and ive decided it would be a good idea to use it as the new bussiness...
View ArticleConnecting Two Clusters Together
Hi all experts, I am having a pair of clustres one of SRX5400 and one of SRX3600. I want to connect these two clusters together. My goal is to ensure fole:1. In case primary node of cluster-1 fails:...
View ArticleClik here to view.
IKEv1 main mode
from the article https://tools.ietf.org/html/rfc2409i understood that in phase1 HMAC is used as PRF to derive keys from DH session key... please i need an to correct my understanding.1-nonces +...
View ArticleRoute-based VPN
when using point-tpoint VPN is it a must that both st0 interface be in the same subnet ???when using multi point VPN is it a must that all st0 interfaces be in the same subnet ???
View ArticleSRX Cluster to L3/L2 Switch
Hello guys, Looking to implement intervlan routing, using an SRX 550 (cluster) and a cisco L3 switch, what is Junipers design recommendation SRX on a stick or RVI ? Thank you
View ArticleClik here to view.
Remote access VPN clients on RIs
According to the above diagram, RA VPN client A has to access his resources on 10.2.3/24 A location. Like wise B has to access his resources on 10.2.3/24 B location. A and B are two different...
View ArticleSRX240 to SRX340 conversion
I'm moving from an SRX240 to an SRX340. Since the configuration file is fairly large, I'd like to preserve as much as possible of it.I'm getting lots of errors at Commit.Some are: "reserved...
View ArticleFILTERING VLAN BASED TRAFFIC ON SRX 550 CLUSTER
Hello Guys, I have set up an SRX on a stick, with vlan tagging and subinterfaces representing VLAN 10 -SERVERS, VLAN 20 - FINANCE and VLAN 30 -IT and their corresponding IP's configured on the Reth...
View ArticleDynamic GRE Tunnels
Hello- i have a SRX installed as a head-end device and there are many remote devices that have GRE tunnels setup to it. Now we need to support clients that will have dynamic address assigned to the...
View ArticleIPSEC VPN Troubleshooting
Having trouble with this VPN, config is attached. IKE appears to be up along with IPSEC: show security ike security-associations Index State Initiator cookie Responder cookie Mode Remote Address...
View ArticlePPPoE making handshake but not giving username and password
hello after finding the required instructions on the juniper website i configured a pp0 interface and set out to connect it to the isp's network. i found that no internet was given. according to the...
View ArticlePEM 0 Not Present
Hi there.I got my hands on a not-so-new SRX1500 to do some testing/learning/whatever. And it seems eithere I'm a bit daft or there's something strange. The device is supposed to have been cleared to...
View ArticleSRX 3600 reth port issue
May 2 13:28:59 NB1_SRX_Node0 rpd[1312]: Decode ifd ge-15/0/4 index 181: ifdm_flags 0xc001May 2 13:28:59 NB1_SRX_Node0 rpd[1312]: krt_inherit_ifd_aps_flags ge-15/0/4 index 181: <> from selfMay 2...
View ArticleMerge internet lines
Hi, Good Day,I have a customer have five internet lines with 8Mbps,He want to merge the five lines to appear as 40Mbps, Is this possible ?If yes,He want make traffic shaping on 40Mbps In which assign...
View ArticleClik here to view.
Hostname missing from SRX syslogs
From the SRX device we are sending syslogs to syslog server. however the hostname if missing only for RT_FLOW logs when we are checking on syslog server. We are not doing any kind of filtering or...
View ArticleClik here to view.
ESP & NAT-T
i understand that the ESP packet must be encapsulated inside a UDP packet because ESP doesnt have a port number and will be dropped by a NAT device performing pat...*But i have a misunderstanding...
View ArticleCan I use same firmware for different SRX models?
I need to install firmware 11.4R5.5 in a SRX240. In my documentation I've found this file: junos-srxsme-11.4R5.5-domestic.tgz but I don't know if this firmware belongs to an unique SRX model or if it...
View ArticleSecurity policy bypass
If the incomming packet destination address is the receiving interface, SRX will not check Security policy it will check the host-inbound traffic !!!! >> would someone please explain why this...
View ArticleFirewall filter precedence
I'm trying to understand the precedence of firewall filters. First, are the items within a term processed as AND or OR? So if I have a source-address and destination-address both defined, do both have...
View Article