Re: [j-nsp] MX80 IPSEC VPN

2015-04-29 Thread Asad Raza
I doubt if MX80 has more capacity in terms of ipsec performance. What numbers are you referring to? Regards Asad On 29 Apr 2015 15:24, ashish verma ashish.s...@gmail.com wrote: We are running IPSEC on MXs quite extensively and it has been fairly stable. SRXs are good for IPSEC but depending on

Re: [j-nsp] Comments display (annote command) via show command !!

2015-02-17 Thread Asad Raza
Hi, Show configuration in operational mode (without display set) displays the comments. Regards Asad On 18 Feb 2015 02:33, Harri Makela via juniper-nsp juniper-nsp@puck.nether.net wrote: Hi There

Re: [j-nsp] Firewall Policy Description !!

2014-11-05 Thread Asad Raza
Hi You can annotate match statement on each policy to add comments. Those comments will show in start of each policy when you do show configuration (without display set) Br Asad On Nov 5, 2014 6:43 PM, Harri Makela via juniper-nsp juniper-nsp@puck.nether.net wrote: Hi There is there

Re: [j-nsp] SRX monitor-interface question

2013-12-13 Thread Asad Raza
Refer data plane on following: http://kb.juniper.net/InfoCenter/index?page=contentid=KB16224 Asad On Friday, December 13, 2013, R S wrote: how can I config syslog/traffic log directly from data plane ? some config example ? tks -- Date: Fri, 13 Dec 2013

Re: [j-nsp] Destination NAT

2013-11-28 Thread Asad Raza
Hi, DNAT is done before the policy match/route lookup. You need to allow x.x.x.x in the policy instead of y.y.y.y Regards, Asad On Nov 28, 2013, at 11:00 AM, Mohammad Khalil eng.m...@gmail.com wrote: Hi All I have srx210h I Have a server with an IP address x.x.x.x and want to allow telnet

Re: [j-nsp] Destination NAT

2013-11-28 Thread Asad Raza
followed the link below http://www.fir3net.com/Juniper-SRX-Series-Gateway/juniper-srx-destination-nat-port-forwarding.html On Thu, Nov 28, 2013 at 11:08 AM, Asad Raza asadgard...@gmail.com wrote: Hi, DNAT is done before the policy match/route lookup. You need to allow x.x.x.x in the policy

Re: [j-nsp] Destination NAT

2013-11-28 Thread Asad Raza
policies from-zone untrust to-zone trust policy DNAT_POLICY then permit Hope it works now :) Regards, Asad On Nov 28, 2013, at 11:40 AM, Asad Raza asadgard...@gmail.com wrote: Again, Your config says that x.x.x.x is the physical IP address of the server and y.y.y.y is the NAT pool IP. So

Re: [j-nsp] AppSecure AppTrack

2013-10-16 Thread Asad Raza
Hi, The configuration you specified is good enough to send APPTRACK logs to syslog server. You may verify using wireshark whether you are actually receiving those or not. As mentioned by Wood, log message will start with APPTRACK_SESSION_. You may view these logs in any syslog server. however

Re: [j-nsp] Problem to insert rule into IDP

2013-07-25 Thread Asad Raza
Hi, You'll usually get this problem if in any of your rules you do not specify the mandatory fields (source, destination, application etc). Regards, Asad On Wed, Jul 24, 2013 at 6:15 PM, Md. Jahangir Hossain jrjahan...@yahoo.com wrote: Dear friend: Wishes all are fine. I am facing some

Re: [j-nsp] VPN configuration | Juniper J router and cisco router

2012-04-18 Thread Asad Raza
Hi, you might not be specifying the exact source that is allowed in the proxy-ID. Also, confirm if it is policy based or tunnel based configuration at J-end. regards, Asad On Wed, Apr 18, 2012 at 12:19 PM, osamh hammoudeh osamh...@hotmail.com wrote: hi all , i had configured vpn site to

Re: [j-nsp] VPN configuration | Juniper J router and cisco router

2012-04-18 Thread Asad Raza
You need to first check whether your traffic is matching against the policy, secondly you need to check phase-2 negotiations once traffic is matched against policy. Traceoptions on J-series will help you identify the problem and share configuration of both sides for better understanding. regards;

Re: [j-nsp] Help with vpn srx - asa

2012-03-05 Thread Asad Raza
Hi Marco, I see that you are using a custom proposal in phase-1 but using compatible in phase-2, that could be the problem. You need to define exact proposal in phase-2 as well. Could you confirm if proposal mismatch is in phase-1 (ike) or phase-2 (ipsec) to be more specific? regards, Asad On

Re: [j-nsp] SQL v2 traffic time out

2012-01-18 Thread Asad Raza
Hi, could you pls elaborate it got what after 20 or 30 sec? regards, Asad On Wed, Jan 18, 2012 at 11:05 PM, Humair Ali hum...@premier.com.pk wrote: I am facing issue on isg 2000, when we try to forward oracle traffic through FW it got after 20 or 30 sec. I tried ALGs as well as service

Re: [j-nsp] IPSEC tunnel

2012-01-03 Thread Asad Raza
Hi, 24hrs mean that you might be having issue once your phase-1 is rekeyed (being life-time of phase-1 normally). DPD would detect if the next device is live or not, should not help in this scenario. Please check once problem is raised, if the SA is available on both devices or not? I have seen

Re: [j-nsp] Juniper IPSEC VPN

2010-05-04 Thread Asad Raza
Dear Nick, You could check your IPSec logs to dig down the exact reason due to which tunnel is dropping. It must be some parameter mismatch. Normally if you establish tunnel between cisco devices and there is a parameter mismatch, the tunnel won't establish. But in case of juniper the tunnel will

Re: [j-nsp] Netscreen dialup vpn questions

2010-04-28 Thread Asad Raza
? - Original Message - From: Asad Raza asadgard...@gmail.com To: Jimmy Stewpot mail...@oranged.to Cc: juniper-nsp@puck.nether.net Sent: Tuesday, 27 April, 2010 5:20:11 PM Subject: Re: [j-nsp] Netscreen dialup vpn questions Dear Jimmy, please confirm what lifetime is set for phase 1

Re: [j-nsp] Netscreen dialup vpn questions

2010-04-27 Thread Asad Raza
Dear Jimmy, please confirm what lifetime is set for phase 1 and phase 2 proposals. I believe you cannot flush a session unless its lifetime is expired. regards, Asad On Tue, Apr 27, 2010 at 11:28 AM, mail...@oranged.to wrote: Hello, I have recently swapped out a Cisco ASA with a Juniper SSG