Not sure about Juniper but on Cisco PBR does not apply to CPU punted
packets.
So, in most PBR environments you will not be able to reach interfaces
routed in via PBR.
PBR is often counter-intuitive to trouble shoot because it (locally) breaks
most ICMP features.
This may be the expected behavior
Dear All
I have an issue where a remote site will loose its certificates (key-pair
and ca) for no apparent reason.
Cert still had more then a year to go!
What is up? Could not find anything via google.
--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg
, Mattias Gyllenvarg
wrote:
> Ben,
>
> The BGP selects native over IPsec via local-pref (just a note in this
> context).
>
> That may work. I will try to describe your idea in my own words.
>
> Add a lurking static default to the MPLS-VPN, put it on steroids when
> ip-monitor
unless I'm missing
> something else?
>
> Ben
>
>
> On 29 Aug 2014, at 7:42 pm, Mattias Gyllenvarg
> wrote:
>
> Ben
>
> Close but no cigar.
>
> The IPsec also receives a default via BGP so that works like a charm. No
> need for interface routing.
d 21:51:10, localpref 100
> AS path: 65500 I, validation-state: unverified
> > to 172.30.3.2 via ge-0/0/3.0
>
>
>Cheers,
>
> Ben
>
> On 29 Aug 2014, at 3:30 am, Mattias Gyllenvarg
> wrote:
>
> Even is the default
> to mainline Junos will be a glorious one...
>
> Cheers,
>
> Ben
>
> On 28 Aug 2014, at 9:00 pm, Mattias Gyllenvarg
> wrote:
>
> > I have looked over these and they are the basis of the configuration I am
> > using.
> >
> > The setup is advanced in
ndrew Jones
> wrote:
> > >
> > > > Surely the test will never recover without intervention, as the
> interface
> > > > it uses gets disabled?
> > > >
> > > >
> > > > On 28.08.2014 02:28, Tyler Christiansen wrote:
> > > >
&g
{
interface fe-0/0/3 {
disable;
}
}
}
}
}
*
--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https
Pederson*
> Mankato Networks LLC
> cell | 612.481.0769
> work | 612.787.7392
> levipeder...@mankatonetworks.net
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
*Med Vänliga Hä
>> This way you can use several addresses with one interface. (Extremely
>> helpful if you migrate IPsec VPNs to an existing setup.)
>>
>> /Per
>>
>> 6 maj 2014 kl. 14:56 skrev Mattias Gyllenvarg :
>>
>> A little vague question but I will try.
>>
the untrusted side. :)
//Mattias
On Tue, May 6, 2014 at 2:35 PM, Mike Devlin wrote:
> are using local-address config line under edit security ike gateway blah?
>
>
> On Tue, May 6, 2014 at 8:24 AM, Mattias Gyllenvarg
> wrote:
>
>> Turns out the HUB node can not be on
Turns out the HUB node can not be on use a "secondary" IP as the Gateway IP
for the IPsec termination.
This workes on SRX240 in a very similar installation. But not on the
SRX210HE2 in this installation.
//Mattias Gyllenvarg
On Fri, May 2, 2014 at 5:07 PM, Mike Devlin wrote:
>
a template) many
times.
Removed and reapplied all security config. Reloaded and so on.
st0.0 is in trusted and all policies are in place.
Can't find a known bug or deeper troubleshooting help then check your
proposals, for this error.
--
*Best Regards*
*Mattias Gylle
For the archives...
address-book {
VPN-Management {
address Management {
wildcard-address 10.0.255.0/255.0.255.255;
}
}
}
On Wed, Jan 22, 2014 at 2:55 PM, Mattias Gyllenvarg
wrote:
> Dear All
>
> I am looking at keeping a neat config in a VPN-hub de
documentation for address books.
Hints?
--
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Hi Mr Ackroyd
Actually it was not, it was before but I removed it when I removed the st
interface to re apply it.
I have since then fixed the original issue and now got through IKE and have
it working.
Thank you.
Mattias Gyllenvarg
On Mon, Nov 25, 2013 at 2:32 PM, Nicholas Ackroyd wrote
Ev1
iked_pm_ike_spd_select_ike_sa failed. rc 1, error_code: No proposal chosen
ikev2_fb_spd_select_sa_cb: IKEv2 SA select failed with error No proposal
chosen (neg de5800)
ike_isakmp_sa_reply: Start
--
*Best Regards*
*Mattias Gyllenvarg*
___
jun
17 matches
Mail list logo