Tim Eberhard wrote:
Basically what happens is the ADSL connection seems to drop out;
yet I am still able to ping the ISP gateway address.
If I run "restart routing" on the SRX it fixes the problem, but the
problem comes back every week or so.
I ran into a problem which sounds somewhat similar with OSPF on a
chassis SRX. OSPF would form
a neighbor relationship fine, but every couple days we'd get an OSPF
reset with "too many retransmissions".
Then OSPF would reform it's neighbor relationship and work again for
another random period of time before
resetting again.
It turned out that we had not done this:
set security zones security-zone XXXX host-inbound-traffic protocols
ospf
After realizing that we were surprised that the OSPF neighbor
relationship formed at all. But it did. It was just
unstable.
What I think was happening was that we'd successfully connect outbound
via ospf, and the stateful firewall
would allow the return traffic back. But periodically the neighbor
router would need to send us an update
and that wouldn't get counted as "return traffic". So the firewall
filter would reject it inbound. Periodically
that would result in a "too many retransmissions" and a neighbor reset.
Assuming you have a similar cause, the trick is to figure out what
host-inbound-traffic protocol/service
to allow to keep your adsl up.
Darrell Root
Date: Tue, 06 Oct 2009 09:33:24 +1100
From: "Michael Dale" <md...@dalegroup.net>
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Routing issues with SRX210
Message-ID: <20091005223324.43fc6...@mail.lttd.net>
Content-Type: text/plain; charset="us-ascii"
Hi Tim,
Thanks for the reply!
I've had a look at the jsrpd logs and didn't see anything
interesting/odd. Is there anything else I can check?
I'm pretty new to JunOS and the SRX range, I mostly use the ScreenOS
devices...
I'm going to swap over to an external ADSL modem to see if the
problem still occurs.
Thanks!
Michael.
_____
From: Tim Eberhard [mailto:xmi...@gmail.com]
To: Michael Dale [mailto:md...@dalegroup.net]
Cc: juniper-nsp@puck.nether.net
Sent: Mon, 05 Oct 2009 23:41:10 +1100
Subject: Re: [j-nsp] Routing issues with SRX210
The first thing I would check is the logs. Do you see a rdp deamon
problem or anything along those lines?
On Mon, Oct 5, 2009 at 2:21 AM, Michael Dale <md...@dalegroup.net>
wrote:
Hi All,
I'm having some issues with my SRX210 running JunOS 9.6
I'm using an SSG 20 ADSL mini-pim (which could be my problem as it
isn't supported).
Basically what happens is the ADSL connection seems to drop out;
yet I am still able to ping the ISP gateway address.
If I run "restart routing" on the SRX it fixes the problem, but the
problem comes back every week or so.
The routing table looks okay and I can ping the ISP gateway from
devices behind the SRX but nothing else.
Does anyone have any ideas on how to track this problem down?
Thanks,
Michael.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
