VPN and PBR with failover
Hi,I need to make SRX to failover the PBR and VPN, only PBR is working with the follow config. The VPN is not working, when the first tunnel is down, the second never comes UP, could you help me? TKS...
View ArticleLan1 to Lan2 Nat config
HiI have 2 interfaces setup ge-0/0/1 is where most of my network servers are. I need when some devices go from ge-0/0/1 to ge-0/0/2 they appear to be coming from a 10.1.1.0 address. I also need when...
View ArticleIssues with IPSEC when one side is Dynamic
Ok, here's my issue. We have multiple VPN tunnels (around 70) running back from remote offices and they work great (Juniper SRX's on both ends). I need to add another that will not have the luxury of a...
View ArticleIssues with connecting SRX210 to BT Broadband
So I am trying to replace my home Hub 5 with an SRX210 HE2 - I have finnally managed to get it to connect & I can connected to a few websites, but that is mainly Google, & BT.com - if I try...
View ArticlePXE TFTP problems through SRX
Hi, Background: We have an environment where we have MPLS + IPSEC on the bottom. On top of that we've built another network with SRX firewalls using IPSEC-tunnels (without encryption). So it's IPSEC...
View ArticleFree Space Issue when trying to upgrade SRX110H1 via USB
Hi guys, I have tried to load an imagefile/config via USB to a SRX110H1.But the process abort: da0 at umass-sim0 bus 0 target 0 lun 0 da0: <SanDisk Cruzer Blade 1.26> Removable Direct Access...
View ArticleClik here to view.
SRX 1500 Packet trace not working as expected
Hi, I have the topology as showing here https://imgur.com/a/xB09y . I need to prove to my supplier which I connect through via reth2.0 that traffic is leaving my device correctly. To do this I want to...
View ArticleClik here to view.
Lot of discards between SRX and HP switch
Hello, Does anybody have an idea why i get massive discards between a SRX 300 and a HP (1910, 1810) switch ?I have the same setup on multiple locations and on all these locations the same issue...
View ArticleOSPF over mGRE over IPSec
Hi members,My customers is running OSPF over mGRE over IPSec, all devices are Cisco products with topo hub and spokes. Hub is running mGRE and NHRP (Next Hop Resolution Protocol) so GRE source on Hub...
View ArticleRenaming RETH Interfaces
I would like to rename RETH interfaces on an SRX cluster from RETH0 to RETH1 to ensure consistancy across devices. Would the rename be as simple as running the command below to update all references?...
View ArticleSRX cluster logging setup in stream mode
We have configured our SRX cluster in stream mode as recommneded by juniper.Requirement is to send all Control plane and data palne logs to syslog server y.y.y.yThe problem is that the syslog server...
View Articlestrange behavior on juniper ARP table when host adds new ip address to same...
I have a juniper SRX340 running as default gateway, I have a linux server (virtual machine actually) running debian 8.juniper ip: 192.168.1.1 Debian ip: 192.168.1.101 (eth0)I would like to add more ip...
View ArticleConfiguring PPPoE interface on a SRX550 Cluster
We have a SRX550 Cluster in place, which connects to a EX4200 Stack. From the EX4200 we have anuplink to a cable modem in brdige mode. This works fine, no issues. However, we have a back up...
View ArticlePublic IP address for a server behind an SRX5800
Hi all! We have a hosting system with an SRX5800 as a frontend firewall. We have multiple virtual routers in this device and normally we use static SNATs and DNATs. We give the client a public IP...
View Articlesrx4200 maximum IPsec site to site tunnels
Hi all. Can anyone tell me the maximum IPsec site to site tunnles supported on a srx4200? Can't find anything online.Can you provide me with a link? Thank you in advance.Alexandros
View ArticleCan I have multiple route-based VPN over multiple st0 interfaces
I want to create three VPN tunnels with third party peers, I want to use route-based VPN with traffic selector as each tunnel has multiple destinations.So can I use multiple st0 interfaces "one for...
View ArticleSRX1500 - Branch Full BGP Multihoming?
Hi all, I'm currently searching for a Branch Router, which is capable of Full BGP feeds. My requirements are: *) 2x IPv4 Full BGP Table*) 2x IPv6 Full BGP Table*) 1 Gbps throughput*) 3x 10G Ports, and...
View ArticleNAT through to a IPSec VPN
Amazon is hosting an Application server my users access via RDP. (10.0.0.110)We have an IPSec connection to the Amazon VPC via SRX300.I need to give my users access to this Amazon resource from various...
View ArticleCannot get VPN access to work
Hi, I am new to juniper and i cannot get any type of VPN actually connect. I can get to where it accepts the authentication but then it fails. I either get a tunnels not established or network error...
View ArticleClass of Service - Interface shaping-rate vs policer
hi all,I am trying to understand the differences between interface shaping-rate [edit class-of-service interfaces] versus [edit firewall policer]. I have read...
View Article