Thanks for the quick reponse.I can't ping the SRX when I go thru the MAG, only when I'm directly connected. I haven't tried the logging yet, but if it is as you say that the traffic type is "transit" instead of "self" that can be an explination. Here is my configuration. The SRX is inside a working lab, so that's why there are so many subinterfaces, bgp et.c.

/*
 * Full configuration of the lab SRX as posted, re-indented one statement per line.
 * Lines marked NOTE(review) are reviewer annotations; every other statement is unchanged.
 */
## Last commit: 2013-09-20 17:27:40 UTC by Manager
version 12.1X45;
system {
    host-name SRX-650;
    root-authentication {
        /* NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Once published, this hash and the one under "user Manager" below should be treated as exposed: change both passwords, and replace hash values with a placeholder before sharing a configuration. */
        encrypted-password "$1$1DHsDkZd$QYRc2HvOBGqWIs6ozBfox1"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    login {
        message "LAB";
        retry-options {
            tries-before-disconnect 3;
        }
        class super-user-local {
            idle-timeout 10;
            permissions all;
        }
        user Manager {
            full-name Manager;
            uid 101;
            class super-user-local;
            authentication {
                encrypted-password "$1$nyhhmF2L$KpuNP1J/3jg5KcOROeBS/."; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
        /* NOTE(review): xnm-clear-text is the unencrypted XML management listener. The trust zone below allows all system services, so it is reachable on every trust interface that has no override of its own. xnm-ssl or NETCONF over SSH keeps credentials off the wire in clear text. */
        xnm-clear-text;
        web-management {
            https {
                system-generated-certificate;
                /* J-Web is limited to these two interfaces. */
                interface [ vlan.0 lo0.0 ];
            }
        }
        /* NOTE(review): the pool 192.168.1.0/24 and "propagate-settings fe-0/0/0.0" match no interface in this configuration (vlan.0 is 192.168.100.1/24, fe-0/0/0 has only unit 2545). Presumably leftovers from the factory default; confirm and remove if unused. */
        dhcp {
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.2 high 192.168.1.254;
            }
            propagate-settings fe-0/0/0.0;
        }
    }
    /* NOTE(review): logging is local only and no security/session log is collected; nothing here would record the dropped pings described in the post. */
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    /* This unit's /29 contains the default-route next hop 146.150.254.153 (see routing-options). */
    fe-0/0/0 {
        vlan-tagging;
        unit 2545 {
            vlan-id 2545;
            family inet {
                address 146.150.254.158/29;
            }
        }
    }
    fe-0/0/1 {
        description TO-SSG-320M;
        unit 0 {
            family inet {
                address 146.150.252.227/28;
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/4 {
        description ISP-1;
        vlan-tagging;
        unit 407 {
            description CUSTOMER-1;
            vlan-id 407;
            family inet {
                address 146.150.195.97/29;
            }
        }
        unit 612 {
            description CUSTOMER-2;
            vlan-id 612;
            family inet {
                address 146.150.195.137/29;
            }
        }
        unit 616 {
            description CUSTOMER-3;
            vlan-id 616;
            family inet {
                address 146.150.251.73/29;
            }
        }
        unit 661 {
            description CUSTOMER-4;
            vlan-id 661;
            family inet {
                address 146.150.60.185/29;
            }
        }
    }
    fe-0/0/5 {
        description ISP-2;
        vlan-tagging;
        unit 2023 {
            description CUSTOMER-1;
            vlan-id 2023;
            family inet {
                address 146.150.63.121/29;
            }
        }
        unit 2050 {
            description CUSTOMER-2;
            vlan-id 2050;
            family inet {
                address 146.150.253.177/29;
            }
        }
        unit 2057 {
            description CUSTOMER-3;
            vlan-id 2057;
            family inet {
                address 146.150.71.41/29;
            }
        }
        unit 2059 {
            description CUSTOMER-4;
            vlan-id 2059;
            family inet {
                address 146.150.60.121/29;
            }
        }
        unit 2090 {
            description CUSTOMER-5;
            vlan-id 2090;
            family inet {
                address 146.150.71.9/29;
            }
        }
        unit 2189 {
            description CUSTOMER-6;
            vlan-id 2189;
            family inet {
                address 146.150.60.137/29;
            }
        }
    }
    fe-0/0/6 {
        description ISP-3;
        vlan-tagging;
        unit 2808 {
            description CUSTOMER-1;
            vlan-id 2808;
            family inet {
                address 146.150.60.145/29;
            }
        }
    }
    fe-0/0/7 {
        description ISP-4;
        vlan-tagging;
        unit 696 {
            description CUSTOMER-1;
            vlan-id 696;
            family inet {
                address 146.150.253.113/29;
            }
        }
        unit 728 {
            description CUSTOMER-2;
            vlan-id 728;
            family inet {
                address 146.150.26.65/29;
            }
        }
        unit 4000 {
            description CUSTOMER-3;
            vlan-id 4000;
            family inet {
                address 146.150.253.193/29;
            }
        }
    }
    /* NOTE(review): lo0.0 and vlan.0 are both addressed inside 192.168.100.0/24, so two interfaces claim the same subnet. Confirm this is intended. */
    lo0 {
        unit 0 {
            family inet {
                address 192.168.100.254/24;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.100.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 10.200.116.0/24 next-hop 146.150.71.14;
        route 146.150.246.32/27 next-hop 146.150.251.78;
        route 10.200.254.0/24 next-hop 146.150.26.70;
        route 10.200.241.0/24 next-hop 146.150.60.190;
        route 146.150.3.224/27 next-hop 146.150.60.150;
        /* Default route leaves through fe-0/0/0.2545, which the zones section places in "trust". */
        route 0.0.0.0/0 {
            next-hop 146.150.254.153;
            retain;
        }
        route 146.150.203.144/28 next-hop 146.150.195.142;
    }
    autonomous-system 64512;
}
protocols {
    bgp {
        /* NOTE(review): the export policy BARA-DEFAULT-ROUTE is not defined under policy-options in this listing (ONLY-DEFAULT-ROUTE is); confirm which one is meant. No neighbor carries an authentication-key, so these eBGP sessions are unauthenticated. */
        group SPOKE {
            type external;
            export BARA-DEFAULT-ROUTE;
            neighbor 146.150.253.118 {
                metric-out 100;
                local-preference 200;
                local-address 146.150.253.113;
                peer-as 65006;
            }
            neighbor 146.150.195.102 {
                metric-out 100;
                local-address 146.150.195.97;
                peer-as 65023;
            }
            neighbor 146.150.71.46 {
                metric-out 200;
                local-address 146.150.71.41;
                peer-as 65023;
            }
            neighbor 146.150.253.182 {
                local-preference 100;
                local-address 146.150.253.177;
                peer-as 65006;
            }
            neighbor 146.150.253.198 {
                metric-out 100;
                local-preference 200;
                local-address 146.150.253.193;
                peer-as 65019;
            }
            neighbor 146.150.63.126 {
                metric-out 200;
                local-preference 100;
                local-address 146.150.63.121;
                peer-as 65019;
            }
        }
        /* NOTE(review): group CORE has no neighbors, and 10.150.254.158 is not an address on any interface shown. */
        group CORE {
            local-address 10.150.254.158;
        }
    }
    ospf {
        /* NOTE(review): this export also redistributes BGP routes into OSPF (term MATCH-BGP), despite the policy's name. No OSPF authentication is configured on either interface. */
        export STATIC-AND-DIRECT-TO-OSPF;
        area 0.0.0.0 {
            /* NOTE(review): fe-0/0/6 only has unit 2808 in the interfaces section; unit 0 is not defined there. */
            interface fe-0/0/6.0;
            interface fe-0/0/1.0 {
                priority 1;
            }
        }
    }
    stp;
}
policy-options {
    /* Accepts routes from interface lo0.0 and the exact default route; rejects everything else. */
    policy-statement ONLY-DEFAULT-ROUTE {
        term ALSO-OK {
            from interface lo0.0;
            then accept;
        }
        term OK {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term EJ-OK {
            then reject;
        }
    }
    /* Accepts static, direct and BGP routes as OSPF external type 1 with metric 10. */
    policy-statement STATIC-AND-DIRECT-TO-OSPF {
        term MATCH-STATIC {
            from protocol static;
            then {
                metric 10;
                external {
                    type 1;
                }
                accept;
            }
        }
        term MATCH-DIRECT {
            from protocol direct;
            then {
                metric 10;
                external {
                    type 1;
                }
                accept;
            }
        }
        term MATCH-BGP {
            from protocol bgp;
            then {
                metric 10;
                external {
                    type 1;
                }
                accept;
            }
        }
    }
}
security {
    screen {
        /* NOTE(review): this screen is attached only to zone "untrust", which has no interfaces (see zones), so it currently inspects no traffic. */
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            /* NOTE(review): with no interface in zone untrust, this rule-set has no egress interface to match. */
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    /*
     * NOTE(review), for the question in the post: the only DMZ-to-trust rule matches destinations in
     * 192.168.100.0/24, so a packet that enters on a DMZ interface and targets any other trust-zone address
     * (fe-0/0/1.0, fe-0/0/0.2545) matches no policy shown here. Which zone the path through the MAG enters
     * by is not visible in this listing; confirm. None of the policies log sessions; adding
     * "log session-init" to the relevant "then" would show how the ping is being evaluated.
     */
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone trust {
            policy ALLOW_ALL {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* NOTE(review): permits any traffic between the customer-facing DMZ subinterfaces, despite the DHCPTEST name. */
        from-zone DMZ to-zone DMZ {
            policy DHCPTEST {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* NOTE(review): any DMZ source may reach the management subnet, including over telnet, FTP and TFTP, which carry credentials and data unencrypted. Restricting source-address and dropping the clear-text applications would narrow this considerably. */
        from-zone DMZ to-zone trust {
            policy ALLOW-MANAGEMENT {
                match {
                    source-address any;
                    destination-address 192.168.100.0/24;
                    application [ junos-https junos-ftp junos-icmp-all junos-ssh junos-tftp junos-telnet junos-syslog ];
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone DMZ {
            policy FROM_MANAGEMENT {
                match {
                    source-address 192.168.100.0/24;
                    destination-address any;
                    application [ junos-icmp-all junos-ftp junos-ssh junos-telnet junos-tftp junos-syslog ];
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            address-book {
                address 192.168.100.0/24 192.168.100.0/24;
            }
            /* NOTE(review): zone-wide "all" for services and protocols. An interface-level host-inbound-traffic stanza replaces this default, so it applies in full to the two interfaces listed without one: fe-0/0/0.2545 and lo0.0. */
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                            ssh;
                            dhcp;
                            https;
                            tftp;
                            snmp;
                            ftp;
                        }
                    }
                }
                fe-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            ospf;
                        }
                    }
                }
                /* NOTE(review): this is the interface holding the default route's subnet, yet it sits in "trust" and inherits "all" (SSH and xnm-clear-text included). If it faces an upstream network, placing it in "untrust" (where the screen is attached) or giving it an explicit, minimal service list would be safer; confirm the lab topology. */
                fe-0/0/0.2545;
                lo0.0;
            }
        }
        /* No interfaces are assigned to this zone. */
        security-zone untrust {
            screen untrust-screen;
        }
        /* Every DMZ interface allows ping and traceroute to the device; only the BGP-peering subinterfaces add bgp and bfd. */
        security-zone DMZ {
            host-inbound-traffic {
                system-services {
                    ping;
                    traceroute;
                }
            }
            interfaces {
                fe-0/0/4.407 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            bgp;
                            bfd;
                        }
                    }
                }
                fe-0/0/5.2057 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            bgp;
                            bfd;
                        }
                    }
                }
                fe-0/0/7.696 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            bgp;
                            bfd;
                        }
                    }
                }
                fe-0/0/5.2090 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/5.2050 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            bgp;
                            bfd;
                        }
                    }
                }
                fe-0/0/4.616 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/7.728 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/4.661 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/6.2808 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                /* NOTE(review): fe-0/0/3 does not appear in the interfaces section of this listing. */
                fe-0/0/3.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/5.2189 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/5.2059 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/4.612 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                    }
                }
                fe-0/0/7.4000 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            bgp;
                            bfd;
                        }
                    }
                }
                fe-0/0/5.2023 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            bgp;
                            bfd;
                        }
                    }
                }
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}