Re: [j-nsp] PPTP VPN through NAT on M10i

2012-01-17 Thread Jo Rhett
Great, thanks Alex. When I get this working I'll post a working configuration for anyone searching for this ;-) On Jan 17, 2012, at 8:27 PM, Alex Arseniev wrote: > The link You supplied is for JUNOSE, not JUNOS. > If you have 100s of users and 1s of public IPs means You need NAPT44. > The way to

Re: [j-nsp] PPTP VPN through NAT on M10i

2012-01-17 Thread Alex Arseniev
The link You supplied is for JUNOSE, not JUNOS. If you have 100s of users and 1s of public IPs means You need NAPT44. The way to use PPTP through NAPT44 on JUNOS is to activate PPTP ALG (more specifically, match on application "junos-pptp" in NAT rule or SFW rule) and PPTP ALG ALG is supported fr

Re: [j-nsp] RPF-Check

2012-01-17 Thread Jo Rhett
I have found that running strict on customer ports and loose on transit interfaces is the best way to operate. That said, it is entirely reasonable to tell this customer that the problem is on their side. Sending their packets out through a provider they don't advertise through could be consid

[j-nsp] RPF-Check

2012-01-17 Thread Brendan Mannella
Hello Everyone, I have a question regarding RPF-Check. I currently have a edge router with two transits, getting full routes from both. "Asymmetric routing" We have RPF-Check enabled on both the transit interfaces. We also have "unicast reverse path feasible-paths" enabled. I am currently troub

Re: [j-nsp] PPTP VPN through NAT on M10i

2012-01-17 Thread Jo Rhett
Does that mean that it is supported from 11.2R1 up, or does that mean it's never supported this way? Did I misread this page, which says that outside source dynamic nat is supported? https://www.juniper.net/techpubs/en_US/junose10.1/information-products/topic-collections/swconfig-ip-services

[j-nsp] VPLS configuration

2012-01-17 Thread Michael Phung
Hello Everyone, We're looking to deploy VPLS and L3VPN services on our network and I'm looking for some help on creating these instances across our network. So far we are focused on providing VPLS first. I've looked through a lot of the examples available online from Juniper and also some past j-n

Re: [j-nsp] SRX650 cluster - ethernet switching issue

2012-01-17 Thread stasm
On Mon, Jan 16, 2012 at 6:31 PM, Pavel Lunin wrote: .. > Either each SRX connected to its own switch (I prefer this) or full mesh > (people like this but there is no much sense, imho). So in terms of the > number of physical ports, it seems like this is not the SRX's job (in most > cases).