Hello,
is anyone out there using the dns-proxy feature for the branch SRX? Are
there any clever tricks for specifying the source address the SRX uses to
query name servers? It does not appear to be a config option.
with the default config it appears to use the IP of the outbound
interface. If
List friends,
Does the QFX3500 support 6VPE, aka RFC4659? I cannot get an answer from JTAC or
my SE.
I can only find documentation from Juniper that 6PE is supported, with no
mention of 6VPE as supported or unsupported.
I think I have it working (using 12.3X50-D30), but do wonder if it is
Greetings-
I have an M20 in the lab that I need to get up for a couple of tests. I
realize it's an old boat anchor and isn't supported, but it's what I've got
at the moment. All I really need to do is some MPLS/LDP testing, which it
should be able to do.
I have Junos 12.3R1.7 running on this
Hi Joe-
Have you tried an 11.x or 10.x train of code? The M20 went end of
engineering on 30-Sep-2011 so 12.x versions Junos might not support the FPC.
Also, you should see something in var/log/messages if the system can't
bring the fpc on line.
request chassis fpc online slot slotnumber should
I started with a 10.0 train with the same symptoms.
show log chassisd only shows an snmp trap for fru removal when the fpc is
trying to come up.
show log messages has this, though-
Oct 15 13:56:48 lab-m20 alarmd[1532]: Alarm set: FPC color=RED,
class=CHASSIS, reason=Too many unrecoverable
Hi Andy,
I have come across this exact issue using the feature.
There was a good reason why we didn't use default address selection that
escapes me just now, but I had a slight advantage in that I was using
route-based VPNs, so I was able to number the st0 interface with a /32 from the
I've certainly had no issue with stability using route-based VPN.
As far as multiple subnet (proxy-id / traffic selectors) support, as of
12.1X46-D10 this is now native in Junos -
http://kb.juniper.net/InfoCenter/index?page=contentid=KB28820
and is dead simple to configure.
If you're a
I'd happily use route-based vpns if they are supported in my use case.
Based on Kbs and internet lore, it seemed policy based was the best bet
for stability.
My two tunnel endpoint devices are the SRX and a Cisco ASA.
On the SRX side I've got a single subnet but on the ASA side I've got two
I'm running 12.1X44-D40.2 right now (had to run newer 12.1X code to even
use the dns-proxy feature :) ). I'll give X46-D10 a look; the
traffic-selctors looks pretty interesting.
As far as your comment regarding widening the crypto-map- that's what i
was implying with my example acl- basically
9 matches
Mail list logo