If you have many uncontrolled directly connected L2 domains like IX-es or
customers, check policer __default_arp_policer__.
If there are drops, you need to apply interface-specific arp policers to
interfaces with protocols and/or to source of arp bursts.
18.08.2020 02:35, Mihai пишет:
Hi,
I
Look at default-address-selection option description:
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/junos-software-system-management-source-address-local-tcp-ip-packets-configuring.html
For IPv4: If this option is not enabled, and destination is directly
connected th
Remember that on QFX platform some protocols shares same queue and
policers. When you got routing loops and TTL=0 packets excceeds its ddos
detection limits, also l3mtu-fail will be false triggered.
PR1211911
Some DDOS protocols shares same hardware policer
The following control packets share
family mpls enabled on the
interfaces. However the other two ways require that family to be enabled on
the RR interfaces.
Ivan,
On Thu, Sep 13, 2018 at 10:28 AM Misak Khachatryan
wrote:
> Well i think that also a problem of copy/pasting :)
>
> Previously we had RR on a PE router and it se
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although the
RR is out of band you need that family configured on the RR interface.
Ivan,
On Wed, Sep 12, 2018 at 12:10 PM Jason Lixfeld
wrote:
> Hi all,
>
> Trying to learn more about JunOS, I’m playin
Hi. We also find something wrong with "protect core".
Seems like Junos 18.1 and 18.2 (running on MX204 in our case) makes one
#Multipath equal-cost group with ALL paths except one worst AND one with worst
path - as backup.
I think it must create #Multipath forwarding-only route with one best (
Hi,
I use feature "redundant-trunk-group" on EX3300 stack.
It is working OK, and i can check status of Active/Backup interfaces in
CLI with show redundant-trunk-group :
> show redundant-trunk-group
Group name Interface State Time of last flap
Flap count
uplink xe-0/1/1.0
Probably the knob from the link below configured towards the r1 will
prevent sending the default
https://www.juniper.net/documentation/en_US/junos/
topics/example/vpn-proxy-bgp-route-target-filtering-configuring.html
Ivan,
On Tue, Jun 6, 2017 at 10:55 PM, Mihai wrote:
> Hi,
>
> Wh
Hi,
Check this link -
https://www.juniper.net/documentation/en_US/junos/topics/concept/vpn-proxy-bgp-route-target-filtering-understanding.html
If you configure the rest of the routers with family route-target r3 and r4
will stop sending the proxy route you see. Or just use RR.
Ivan,
On Tue
Hi Shaffi,
The features from 'F' versions are merged in 16.1R1 onwards. So better
upgrade to 15.1F6 e.g. for testing telemetry interface.
Ivan,
On Tue, Apr 11, 2017 at 4:38 PM, wrote:
> Actually, not sure your release supports it. Indeed Junos Telemetry
> Interface was introd
can't be seen with any operational command. This behavior was changed,
and now they show as hidden routes.
Ivan,
On Tue, Feb 28, 2017 at 7:20 PM, Aaron wrote:
> I am using logical systems in my lab and trying to see the
> auto-advertisement of the lo0 interface working and it's
.
HTH,
Ivan,
On Wed, Sep 28, 2016 at 11:01 AM, Johan Borch wrote:
> Hi
>
> Lets say i have two PE-routers, router1 and router2.
>
> They run MP-BGP, MPLS and so on, the usual stuff. I have one VRF with a lot
> of routes in (DFZ). Router2 is not importing the vrf-target for this
hough.
HTH,
Ivan,
On Wed, Nov 11, 2015 at 4:07 PM, "Rolf Hanßen" wrote:
> Hi,
>
> I have a quite simple setup, SRX with a WAN connection and some LAN stuff.
> WAN is single-homed.
> I now want to add a second uplink interface and put it into the existing
> WAN/untrus
to 6MB or 7MB. And you will be able to accommodate two full
feeds in the FIB.
11650408 bytes available (11609600 bytes from free pages)
I would recommend to check for any know PR using that feature with 11.4
Ivan,
On Wed, Jul 22, 2015 at 4:31 PM, Jeff Meyers wrote:
> Hi,
>
> thank
tion/
junos-software-jtree-memory-repartitioning.html
Note, that this will use the part of the memory reserved for filters (Jtree
segment 1) for storing route information. You that feature only if don't
have many filters configured.
Ivan,
On Wed, Jul 22, 2015 at 7:52 AM, Mark Tinka wrote:
CX5000
<https://www.juniper.net/us/en/products-services/routing/acx-series/acx5000/>
Ivan,
On Mon, Jul 13, 2015 at 3:54 PM, Aaron wrote:
> Hi everyone,
>
>
>
> I'm needing more 10 gig ports in my CO's for purposes of upgrading my FTTH
> OLT shelves with 10 gig. I c
Hi,
You might want to upgrade to latest service release for EX4300 (see the
link below)
http://kb.juniper.net/InfoCenter/index?page=content&id=S:TSB16691&smlogin=true
HTH
Ivan,
On Wed, May 27, 2015 at 4:00 PM, Scott Granados
wrote:
> Hi,
> I’ve downloaded the latest recomm
can try to script it and run it
on all PEs.
Ivan,
On Thu, May 21, 2015 at 7:00 PM, Dave Bell wrote:
> Hi Tim,
>
> If you are using LDP then traffic will automatically switch to follow the
> IGP. No clearing of LSPs required.
>
> Regards,
> Dave
> On 21 May 2015 18:49
sts it. It might be that I am wrong.
Ivan,
On Mon, May 18, 2015 at 7:24 AM, Adam Vitkovsky
wrote:
> Hi James
>
> > James Jun
> > Sent: 16 May 2015 16:20
> >
> > The problem however is that I'm using the P's also as route-reflectors
> for
> > distributi
;
}
term 2 {
from {
route-filter 0::0/0 prefix-length-range /128-/128;
}
to rib inet6.3;
then accept;
}
term last {
then reject;
}
}
}
Ivan,
On Sat, May 16, 2015 at 4:20 PM, James Jun wrote:
> Hey Adam,
>
> Thanks
Hi Raphael,
Check that link for differences between auto-export and rib-groups:
http://forums.juniper.net/t5/TheRoutingChurn/Using-rib-groups-or-auto-export-for-route-leaking/ba-p/202349
I don't see why to not use rib-groups except if they are not support too.
HTH
Ivan,
On Thu, Apr 16,
Hi Raphael,
Check that link for differences between auto-export and rib-groups:
http://forums.juniper.net/t5/TheRoutingChurn/Using-rib-groups-or-auto-export-for-route-leaking/ba-p/202349
I don't see why to not use rib-groups except if they are not support too.
HTH
Ivan,
On Thu, Apr 16,
done on Junos to have users with different
privileges authenticated via RADIUS or TACACS+ servers.
I hope now is more clear to you!
Ivan,
On Tue, Apr 14, 2015 at 11:08 AM, Sukhjit Hayre <
sukhjit.ha...@googlemail.com> wrote:
>
>
> Hi Ivan
>
> The goal is for ACS to be
Hi Sukhjit,
Why don't you use local template accounts to accomplish that?
http://www.juniper.net/documentation/en_US/junos13.3/topics/task/configuration/authentication-user-local-template-account-configuring.html
ACS should be able to push 'local-username' attribute via tacacs+.
Hi Tom,
Try with 'general-ikeid' on SRX side under the definition of ike gateway.
You might need to upgrade Junos to have that option.
host@srx# set security ike gateway general-ikeid
HTH,
Ivan,
On Fri, Mar 13, 2015 at 3:35 PM, Tom Storey wrote:
> Hi everyone,
>
> Try
Hi,
Check this out!
https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR931184
HTH,
Ivan,
On Tue, Dec 23, 2014 at 5:01 PM, Jean Benoit wrote:
> Hello,
>
> Does anyone know if Juniper has issued a patched version
> of JunOS for the following vulnera
means that it should work only with 'vrf-table-label'
Can you send the output from 'show route table mpls label 340240'?
And when you remove the vt- interface from routing-instance to send again
the output form 'show ldp database p2mp'
Ivan,
On Fri, May 16, 2014
Hi,
Yes, the vpn-tag is 0 from the output. But side effect of the command
"domain-vpn-tag
0" is to remove the DN bit from Type 5 and Type 7 LSAs. This could help in
that case on CE side. You can give a shoot, it will not hurt. But just in
case you can do it in maintenance window.
HTH
Hi,
Try to configure under the OSPF stanza for removing DN bit in Type 5
LSA - 'domain-vpn-tag
0'
If you want to disable DN bit checks for Type 3 LSA add - 'domain-id
disable'
HTH,
Ivan,
On Tue, Apr 29, 2014 at 8:49 AM, Amos Rosenboim wrote:
> Hi,
>
> I know Ci
the case with
OSPF so with OSPF it should work.
R4@M7i-2# run show route 8.8.8.8/32 extensive - should show that the route
is secondary in Customer.inet.0
HTH,
Ivan,
On Wed, Jun 5, 2013 at 11:43 AM, Mihai Gabriel wrote:
> I don't have the book with me right now to check, but I tried yo
Hi,
Here you check some ideas for using BGP in datacenter routing.
http://tools.ietf.org/html/draft-lapukhov-bgp-routing-large-dc-04
HTH
Ivan,
On Wed, Jun 5, 2013 at 5:24 AM, Ihsan Junaidi Ibrahim wrote:
> Hi,
>
> I'm building an infrastructure which comprises of a few tens
gt; > It's the answer to the universe!
> > >
> > >
> > > *faints*
> > >
> > > On 04/06/2010, at 11:08 AM, Tommy Pernici...
> >
> >
> ___
> juniper-nsp mailing list juniper-nsp@puck.net
Hi,
http://kb.juniper.net/InfoCenter/index?page=content&id=KB10926&actp=search&viewlocale=en_US&searchid=136661818
Here is written that it uses layer 2,3 and 4 for load balancing hash
algorithm. And yes, the "forwarding-options hash" is not configurable on
EX-se
Hi,
In that case you try Tricolor marking policer to mark the excessive traffic
and drop it on output. It is not exactly the same but could help.
http://www.juniper.net/techpubs/en_US/junos10.4/information-products/pathway-pages/cos/tricolor-marking-policers.html
HTH,
Ivan,
On Wed, Oct 17
type vrf'
Then you will not need 'domain-vpn-tag 0'.
HTH,
Ivan,
On Wed, Jul 25, 2012 at 10:14 AM, vaibhava varma wrote:
> Hi Ivan
>
> I could not get the manual loop prevention thing working as whenever I
> tried to set any tag while redistributing mp-ibgp to OSPF a
Hi,
You can prevent this by implementing manual loop prevention. You can use
the tag field in the external LSA to tag the routes and based on that to
filter them on the other PE.
Regards,
Ivan,
On Mon, Jul 23, 2012 at 1:08 PM, vaibhava varma wrote:
> Hi Ivan
>
> I finally got the
Hi,
Yes, this could be the case.
domain-vpn-tag 0
This will delete the DN bit option in Junos. (This works only on Type 5 and
Type 7 LSAs)
HTH,
Ivan,
On Fri, Jul 13, 2012 at 1:29 PM, Arun Kumar wrote:
> Hi,
>
> If its a VRF lite CE with OSPF running, then the same loop p
Hi,
Probably because those policies are only for filtering summary LSAs, not
for changing their metric. I did not find anything mentioned about metric
in the examples.
HTH,
Ivan,
On Thu, Jul 5, 2012 at 4:43 PM, Piotr wrote:
> Hello,
>
> I have routers in area2 and area0, srx 11.4R1.6
Hi,
Did you try with Type 3 route (ABR instead of ASBR role for PE)? I don't
know if this is applicable for your design.
I see that you use the same domain-id on both PE or I am wrong? In that
case the LSA should be Type 3 not Type 5.
HTH,
Ivan,
On Wed, Jul 11, 2012 at 11:45 AM, vai
Hi,
If you want to summarize from area 0 to area 1 you should put the
'area-range' in area 0. Did you try that? Don't forget the restrict to
filter the route.
HTH
Ivan,
On Thu, May 10, 2012 at 5:06 AM, Morgan McLean wrote:
> Also, just to add to this, if I try to deny a ro
eling is not an option here).
> > > thanks in advance for your comments.
> > > Andrew
> > > ___
> > > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > > https://puck.nether.net
routing-options
> >>>> hierarchy; and the local-as under protocols bgp group hierarchy;
> >>>>
> >>>>
> >>>>
> >>>> Mohammad Salbad
> >>>>
> >>>> ___
> >>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >> ___
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
HI,
You can see what you are advertising to specific neighbor with:
show route advertising-protocol bgp
HTH,
Ivan,
On Thu, Jan 5, 2012 at 12:41, Affandi Indraji wrote:
> Hi,
>
> I understand that doing the origination from Junos is slightly different
> from Cisco.
>
> Ci
Hi,
Try to enable LDP on the loopbacks on PE1, P1 and PE2 and you will have
FECs from PE1 to PE2 via LDP tunneled in both RSVP LSPs.
If I understand you correctly this what your trying to accomplish.
HTH
Ivan,
On Mon, Dec 26, 2011 at 09:24, vaibhava varma wrote:
> Hi Mark
>
> Thank
Hi Paul,
Try to add 'remote-site-id '
site dis1.millbrook1 {
site-identifier 1;
interface ge-1/3/5.512 {
remote-site-id 2;
}
}
Hope this helps!
Ivan,
On Tue, Oct 18, 2011 at 2
eventually 'set protocols
mpls traffic-engineering bgp-igp' in the configuration, as this command will
do exactly what you described?
Hope this will help you!
Ivan,
On Sat, Oct 15, 2011 at 00:12, Peter K wrote:
> We are in the process of enabling traffic engineering with shortcuts for
&g
t;
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
domains.
Thank you again!
On Thu, Oct 13, 2011 at 23:25, Jonas Frey (Probe Networks) <
j...@probe-networks.de> wrote:
> Hello Ivan,
>
> as Humair already pointed out you need to have encapsulation vlan-bridge
> and vlan-ccc on one of each of the lt- interfaces.
>
> Best reg
0 {
> > >>> encapsulation vlan-bridge;
> > >>> vlan-id 100;
> > >>> }
> > >>> }
> > >>> }
> > >>>
> > >>> neighbor xxx {
> > >>> interface xe-1/0/0.20 {
> > >>> virtual-circuit-id 20;
> > >>> ...
> > >>> ...
> > >>> }
> > >>> }
> > >>>
> > >>>
> > >>>
> > >>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks) wrote:
> > >>>
> > >>>> Hello all,
> > >>>>
> > >>>> i am trying to build a l2circuit on a MX. The problem is that the
> vlan
> > >>>> that needs to be included in the l2circuit comes via xe-1/0/0 which
> is
> > >>>> configured in bridge mode:
> > >>>> unit 0 {
> > >>>> family bridge {
> > >>>> interface-mode trunk;
> > >>>> vlan-id-list [ 20 30 40 ];
> > >>>> }
> > >>>>
> > >>>> I need to build this l2circuit with vlan 20.
> > >>>>
> > >>>> However when configuring the l2circuit i do not have a interface to
> use
> > >>>> as the bridge doesnt create any subinterface for the vlan.
> > >>>>
> > >>>> neighbor xxx {
> > >>>> interface ??? {
> > >>>> virtual-circuit-id 20;
> > >>>>
> > >>>>
> > >>>> I cant configure any subinterface on xe-1/0/0 (like unit 1)
> because
> > >>>> bridge mode prohibits that.
> > >>>>
> > >>>> How can i get this to work?
> > >>>>
> > >>>> Best regards,
> > >>>> Jonas
> > >>>> ___
> > >>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
> > >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >>>
> > >
> > >
> > > ___
> > > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> > ___
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
tes routes
> due
> > to
> > > the RD, but dont know if this works or not .
> > >
> > > anyone has had similar issue and found a workaround ?
> > >
> > > does the 2 option above actually work or not ?
> > >
> > > thanks for any input
per-nsp
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
- 'request system snapshot'.
>
> HTHs.
>
> Stefan Fouant, CISSP, JNCIEx2
> www.shortestpathfirst.net
> GPG Key ID: 0xB4C956EC
>
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
be resolved by the agg. The same should be for the
IBGP session between R3 and R4.
HTH
On Wed, Mar 16, 2011 at 10:30, medrees wrote:
> Hi Ivan
>
>Thanks, I'm understanding this and know the solution, but I'm asking why
> there are difference In behavior in different rout
route.
>
> But the question is why the remote router choose this route as active one
> while the direct connected router (Route-reflector client ) flagged this
> route as hidden route??
>
>
> ___
> juniper-nsp mailing list juniper
>
> Best Regards
>
> Brahampal singh
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
_
t (ready
> for the SRX1400 to come out...). i've read and heard that the 3k/5k are
> much more stable . . . here's to hoping!
>
> Thanks,
>
> Will
> ___
> juniper-nsp mailing list juniper-nsp
ology Services, IBM
> fa...@pk.ibm.com
> +92-301-8247638
> Skype: fahad-ibm
> http://pk.linkedin.com/in/muhammadfahadkhan
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper
t; equivalent of a VSYS capability in the SRX, you can get similar
> functionality out of VRFs... although this is not a "supported"
> configuration at this time, I've done it for several customers and it
> works.
>
> HTHs.
>
> Stefan Fouant, CISSP, JNCIEx2
> www.shortest
tested, until end of the week I will
let you know.
Ivan,
On Mon, Aug 2, 2010 at 23:58, Amos Rosenboim wrote:
> As far as I know the code you are running is the recommended version by
> Juniper.
> However it's important to mention that I have no experience with the high
> end SRX b
traffic flowing trough the device no problems. We experience
that with ISG and also with Cisco on the other end.
HTH
Ivan
On Mon, Aug 2, 2010 at 4:45 PM, Fahad Khan wrote:
> You mean although you were using recommended Junos but u had the same issue
> and you upgraded to latest junos?
>
8)
which I so far have been unable to find on the Junipers (EX4200). It
would be helpful if someone could point me to the equivalent Juniper
feature or confirm that it is not available.
Thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether
.417.0 (Developer Build 0) as
> well.
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
thanks all, appreciated
Ivan
On Tue, Dec 1, 2009 at 4:41 PM, Stefan Fouant
wrote:
>> -Original Message-
>> From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
>> boun...@puck.nether.net] On Behalf Of Mark Tinka
>> Sent: Monday, November 30, 2009 11:0
Hi,
Anyone have some book recommendations on MPLS in general?
cheers
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
that I am trying to use the netscreen as a SBC or
proxy type device which obviously it isnt designed for.
On Tue, Nov 24, 2009 at 9:51 AM, Tony Frank wrote:
> Hi Ivan,
>
>> it is all direct, the alcatel omni handles the SIP, and then hands off to
>> the phones, which talk direc
ndset to SIP server, or direct handset to handset?
> Do you actually talk SIP handset to handset, or just RTP handset to handset?
>
>
> -Original Message-
> From: Ivan c [mailto:ivann...@gmail.com]
> Sent: Monday, 23 November 2009 16:25
> To: Tony Frank; juniper-nsp@puck.
T was
configured (all phones hide behind the same IP of 1.1.1.100) the
firewall translates to the correct internal phone, in this case
192.168.1.1."
On Mon, Nov 23, 2009 at 4:14 PM, Ivan c wrote:
> hi Tony, thanks for replying.
>
> The problem I have is that we use a Alcatel voip system
e
NAT with VoIP" in the screenos cookbook works fine for trust to
untrust, but the problem I have is the partner inititated voice
traffic.
The interface DIP wont work as it doesn't know what to NAT the
incoming traffic to.
thanks for any help
Ivan
On Tue, Nov 17, 2009 at 5:33 PM, To
n (NAT-Dst) in combination with a DIP if the
reverse connection is desired as well: KB11901 - [Outbound direction]
How to configure Source Network Address Translation (NAT-src) and
source Port Address Translation (PAT)."
http://kb.juniper.net/KB12835
On Fri, Nov 13, 2009 at 4:38 PM, Ivan c w
Y to a single IP that is not in the egress
interface range?
thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
hey
try
#show services stateful-firewall flows
cheers
Ivan
On Fri, Oct 23, 2009 at 8:04 PM, wrote:
> Hi,
>
>
>
> I have configured an SRX machine with source NAT and destination NAT as
> followed:
>
> set security nat source pool WAN_Address address x.x.x.x/32
>
take a look at Opsview, its built on Nagios
very nice
cheers
Ivan
On Tue, Oct 13, 2009 at 7:39 AM, Paolo Lucente wrote:
> Hi Brendan,
>
> On Sun, Oct 11, 2009 at 11:24:36PM -0400, Brendan Mannella wrote:
>
>> I have a project to gain some much needed visibility in
hese systems
Thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
more information on the data path for security features, see JUNOS
Software Security Configuration Guide.
http://www.juniper.net/techpubs/software/junos-security/junos-security94/junos-security-swconfig-interfaces-and-routing/frameset.html
Thanks
, see JUNOS
Software Security Configuration Guide.
http://www.juniper.net/techpubs/software/junos-security/junos-security94/junos-security-swconfig-interfaces-and-routing/frameset.html
Thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
> Sounds great if QEMU fixes this little caveat...
>
> Cheers
> Patrik
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
hey Hendrik
Thanks for the info.
Stupid oversight on my part, had the incorrect mask on my loopback
filter, which missed the BGP peer
cheers
Ivan
On Tue, Jul 21, 2009 at 5:23 PM, Hendrik
Kahmann wrote:
>
> Hello Ivan,
>
> could you please add the configuration block of your loopba
idled
Jul 21 06:28:30 router rpd[1134]: bgp_peer_init: BGP peer
150.xxx.xxx.xxx (External AS 6) local address 20x.xxx.xxx.xxx not
found. Leaving peer idled
Jul 21 06:28:30 router rpd[1134]: RPD_TASK_BEGIN: Commencing routing
updates, version 9.3R3.8, built 2009-05-12 22:37:06 UTC by build
anyone have any experience with the SSL and IPSec capabilities on the following:
Check Point Connectra
Fortinet
thanks
Ivan
On Thu, Oct 30, 2008 at 2:10 AM, Brandon Bennett <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 28, 2008 at 7:40 PM, Ivan c <[EMAIL PROTECTED]> wrote:
>>
Further to that query, can anyone suggest an appliance that fulfils
both client-less SSL and IPSec VPN modes?
thanks
Ivan
On Tue, Oct 28, 2008 at 9:54 PM, George Guzic <[EMAIL PROTECTED]> wrote:
> Juniper doesn't support IPSEC on their SA devices. You'll need the SSG
Hi,
Can anyone with Juniper SA experience tell me if they support IPSec tunneling?
I like the look of the client-less SSL stuff, but whether they can
support tunneling to other IPSec devices is just as important.
Thanks
Ivan
___
juniper-nsp mailing
I tried to hard code the peer MAC for probes and it hasnt taken
exec nsrp probe interface [ mac_addr ]
I still see the default NSRP MAC for the destination
On Thu, Jul 17, 2008 at 9:01 AM, Ivan c <[EMAIL PROTECTED]> wrote:
> Doesn't seem to be the case though, even though logic
port.
HA1 dot1q trunk
HA1
NS5400<--->5520<-->5520<--->NS5400
It would be helpfull if Juniper provided at least minimual detail on
the protocol.
Any Nortel ninja's out there?
n trunking NSRP?
thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
sorry all it is a SSG20
On Tue, Apr 15, 2008 at 3:29 PM, Ivan c <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Has anyone setup a IPSec tunnel between a Cisco VPN Concentrator and a SSG50?
>
> Any gotchas or other issues?
>
> I have seen this, but its between IOS and a Nets
-netscreen-solved/
thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
add the no-copy flag into your line
root> request system software add non-validate no-copy reboot
/var/tmp/jinstall-8.5R1.14-export-signed.tgz
cheers
On 12/20/07, chiel <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I want to upgrade a M5 from 6.2R2.4 to 8.5R1.14. But I don't have a PCMCIA
> card, se
Hi everybody
One quick question about Olive, does it support Cflow?
Thanks in advance
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Hi,
Let read this webpage http://www.packetmischief.ca/juniper/olive/index.html.
At the end yo can see another link with more information
Ivan
2007/12/4, Ibariouen Khalid <[EMAIL PROTECTED]>:
>
>
> Hi all,
>
> does some one have the complete procedure to install
sandisk U3 worked, once you remove the U3 app
cheers
Ivan
On 9/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I'm in the process of setting up our second J6350, and part of that
> includes making spare compact flash disks loaded with JunOS in case the
255.255.255.252
frame-relay interface-dlci 199
crypto map IPSec-con
any ideas for the Juniper side of the equation would be much appreciated.
thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
Hi All,
Which standard does Juniper do? Sflow, NetFlow, IPFix, CFlow etc..?
And does anyone have a open source tools to interrogate the
information out of the Juniper for traffic accounting?
Thanks
Ivan
___
juniper-nsp mailing list juniper-nsp
## SECRET-DATA
timeout 5;
source-address 10.xxx.xxx.xxx;
}
}
Now this works if I define the user with no password, but I don't want
to have to define every user that will be administering this router.
user ivan {
uid 2001;
awesome, thanks and appreciate the help.
cheers
Ivan
On 4/24/07, Brandon Bennett <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Ivan c wrote:
> > Hi -Ashok
> >
> > Thanks for that.
> >
> > Where do you pl
Hi -Ashok
Thanks for that.
Where do you place the TACACS Configuration? Is it down via the
CSUtil.exe in cisco acs?
thanks
Ivan
On 4/23/07, Ashok Patrick Jude M <[EMAIL PROTECTED]> wrote:
> Hi Ivan,
>
> Please check out the attach doc (tested configurations) helps!
>
d authorization would be good too?
thanks, any help is appreciated
thanks
Ivan
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
96 matches
Mail list logo