VPN and routing
Hi!I'm try to configure for the first time a vpn site-to-site with a remote location. I checked andt the tunnel is up, but I can not access the remote network . I suspect it is routing, although it is...
View ArticleRe: VPN and routing
Now I got a little confused, apparently my link is not completely UP. Could you help me with this question? root@srx340> show security ike security-associationsIndex State Initiator cookie...
View ArticleRe: VPN and routing
Hello, Did you bind the st0.0 to the correct ipsec vpn config?Share all your vpn configuration ike/ipsec/security policies/etc
View ArticleRe: VPN and routing
Hello. I do not see Phase 2 SAs up. Only Phase 1 SAs are up.What is the output of following commands for gateway & VPN configured for the said peer? show configuration security ike gateway...
View ArticleRe: How to confirm route 10.0.08/32 go through fxp0 in MX960?
Hello, If the IP is configured on lo0, you would see that route as connected?Why do not want it to see that route through fxp0? Regards, Rushi
View ArticleRe: ISP Transit Customer Routing
Hello,Here You go.1. I modeled full table with folowing 7 routes:0.0.0.0/3 32.0.0.0/3 64.0.0.0/3 96.0.0.0/3 128.0.0.0/3 160.0.0.0/3 192.0.0.0/3 2. Please see below the example configuration for 2...
View ArticleRe: VPN and routing
Hi Rush! Here are the settings: root@srx340> show configuration security ikeproposal VPN_Conf { authentication-method pre-shared-keys; dh-group group2; authentication-algorithm sha1;...
View ArticleRe: VPN and routing
Hi Aigarz! Yes, vpn is using the st0.0. root@srx340> show configuration security ikeproposal VPN_Conf { authentication-method pre-shared-keys; dh-group group2; authentication-algorithm...
View ArticleRe: VPN and routing
Hello, By default Route Based VPN takes Proxy-IDs as 0.0.0.0/0 for source, destination & service.What is your peer device? Is it also configured for the proxy-id as 0.0.0.0?If not, what are the...
View ArticleRe: How to confirm route 10.0.08/32 go through fxp0 in MX960?
Thanks for your reply. here are answers to your questions: If the IP is configured on lo0, you would see that route as connected? Yes, i see it. but i need to know which physical interface the traffic...
View ArticleRe: VPN and routing
Hi rtilak! Here you are!tks version 15.1X49-D45;system { host-name srx340; domain-name walar.com.br; time-zone America/Sao_Paulo; root-authentication { encrypted-password...
View ArticleRe: VPN and routing
Hi rtilak!Regarding the proxy ID configuration, I do not know if it is done, unless it was configured automatically, because I did not configure it.
View Articleipv6 prefix /127 and /128
Hi Can you tell what is difference between the below two prefixes? The second one is one prefix, how about the first one? thank you. 2221:4444:46:f113:40:250::/1272221:4444:46:f113:40:250:0:2/128
View ArticleRe: VPN and routing
So as rtilak already pointed out phase2 SAs are missing and you don't have any proxy-ids definded. With route base vpns, it might be an issue that peers can't negotiate proper SAs.Try to match phase2...
View ArticleFlowspec Actions supported?
Hi, I was testing flowspec and I'm seeing an unknown community for flowspec remarking (community 0x8009). The actions for rate, redirect seem to be fine, it's just remarkign that i'm having an issue...
View ArticleRe: ipv6 prefix /127 and /128
Hello, I think /128 is a single IP equivalent to /32 in IPv4.But /127 comprises of 2 IPs equivalent to /31 in IPv4. Regards, Rushi
View ArticleRe: VPN and routing
Hello, What is the peer device?What is it's configuration for the VPN with junos device? Regards, Rushi
View ArticleRe: Flowspec Actions supported?
Hello, Can you share your relevent configuration for flowspec? Regards, Rushi
View ArticleRe: How to confirm route 10.0.08/32 go through fxp0 in MX960?
Hello, FXP0 is used for out of band management purposes. Now mixing out of band management traffic with production is not a good idea. Besides it depends upon the source from which you are trying to...
View ArticleRe: IPSEC Tunnel over VLANS
Why are you not able to add the new proxy id pairs to the existing IPSEC tunnel?
View Article