Re: [j-nsp] Loopback VPN termination High End SRX

doesnt matter,the hashing is the same if you reverse the IPs. Use your phase 1 addresses On Sun, Jan 26, 2014 at 10:13 PM, Phil Fagan philfa...@gmail.com wrote: Looks like the keywords here are anchoring VPN to an SPU. I think this involves the way RG mappings occur on SPU(s). Anyone with info

Re: [j-nsp] Loopback VPN termination High End SRX

@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Difference between refused and not permitted

That's what I'm thinking. On Dec 19, 2013 9:29 AM, John Neiberger jneiber...@gmail.com wrote: When I telnet from a Juniper router to a device on one TCP port I get connection refused, but if I try some other ports I get operation not permitted. What is the difference between these messages? Is

Re: [j-nsp] ip fragmentation, different mtu sizes

Are you trying to transit 1500 or terminate 1500? You should be able to pass and fragment. But maybe the mgmt plane won't frag if your trying the interface itself. hi, all: i have a genetic question regarding ip fragmentation. i have two routers; one is cisco and another is juniper. they

Re: [j-nsp] Split tunneling on government networks

Curious to know what folks think about potential security issues with split tunnel On Dec 3, 2013 6:54 PM, Herro91 herr...@gmail.com wrote: Hello, I am doing some research regarding whether government agencies generally are for or against enabling split tunnels for their teleworkers?

Re: [j-nsp] VC question

Pro=junos Con=nonjunos :-) On Oct 8, 2013 10:05 AM, R S dim0...@hotmail.com wrote: Is anybody able to tell me which are the very technical pro and cons between Juniper VC solution (vccp) against Cisco stack (Stackwise?) and Huwaei stack (iStack?) solutions ? Tks

Re: [j-nsp] Maximum session capacity in SRX cluster

://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Maximum session capacity in SRX cluster

Link: http://www.juniper.net/us/en/community/junos/training-certification/day-one/networking-technologies-series/scaling-beyond-single-srx-dc/ On Fri, Oct 4, 2013 at 9:03 AM, Phil Fagan philfa...@gmail.com wrote: Correct; in a cluster your limited to the session count capability of a single

Re: [j-nsp] SRX fab links through EX VC- seeing enumerating MAC addresses

@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX fab links through EX VC- seeing enumerating MAC addresses

. ** ** -andy ** ** *From:* Phil Fagan [mailto:philfa...@gmail.com] *Sent:* Friday, October 04, 2013 2:52 PM *To:* Andy Litzinger *Cc:* juniper-nsp@puck.nether.net *Subject:* Re: [j-nsp] SRX fab links through EX VC- seeing enumerating MAC addresses ** ** Very little is said other than

Re: [j-nsp] Peering Configuration

@puck.nether.net https://puck.nether.net/**mailman/listinfo/juniper-nsphttps://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo

Re: [j-nsp] Default route origination for Ibgp

mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618

Re: [j-nsp] IS-IS over ST interface on an SRX?

What issues are you seeing with OSPF? Been seeing healthy BGP configs with the st's if that's an option for you. On Oct 1, 2013 7:45 PM, Morgan McLean wrx...@gmail.com wrote: Am I able to configure family iso over an ST interface? Not looking like its an option on a 210 I'm messing with.

Re: [j-nsp] Matching specific OSPF routes in aggregate policy

Got it; well let me know if you find either because its a very interesting scenario! Always a fan of the clever solutions :-) On Mon, Sep 30, 2013 at 1:11 PM, Rob Foehl r...@loonybin.net wrote: On Fri, 27 Sep 2013, Phil Fagan wrote: could you use BGP multi-hop and simply peer directly

Re: [j-nsp] Matching specific OSPF routes in aggregate policy

could you use BGP multi-hop and simply peer directly to the MX bypassing the need to redist routes in though your OSPF core? On Thu, Sep 26, 2013 at 3:51 PM, Rob Foehl r...@loonybin.net wrote: On Thu, 26 Sep 2013, Phil Fagan wrote: Is your aggregate policy already on the MX and is its

Re: [j-nsp] srx240 | frame-relay t1.606

standard t1.606. any pointers/links would be appreciated. thanks! q. -- quinn snyder snyd...@gmail.com ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970

Re: [j-nsp] Matching specific OSPF routes in aggregate policy

://puck.nether.net/**mailman/listinfo/juniper-nsphttps://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] srx240 | frame-relay t1.606

? q. -= sent via ipad. please excuse brevity, spelling, and grammar =- On Sep 26, 2013, at 13:18, Phil Fagan philfa...@gmail.com wrote: Looks like only 102 and 107; not 106. On Wed, Sep 25, 2013 at 4:50 PM, quinn snyder snyd...@gmail.com wrote: all -- just a quick reachout. trying to dig

Re: [j-nsp] TCN guard on Juniper EX

@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] SRX5k problem

://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618

Re: [j-nsp] BGP selection

___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net

Re: [j-nsp] SRX5800 - Security-Profile for Logical Systems

-- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] VPN tunnel between OpenSwan and SRX220

Any resolve? On Aug 6, 2013 10:34 AM, Laurent CARON lca...@unix-scripts.info wrote: Hi, I'm trying to establish a VPN tunnel between a SRX220 and an OpenSwan box. SRX is: Model: srx220h JUNOS Software Release [12.1X44-D20.3] OpenSwan: 2.6.37 Both are currently hooked on a test LAN.

Re: [j-nsp] VPN tunnel between OpenSwan and SRX220

__**_ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/**mailman/listinfo/juniper-nsphttps://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list

Re: [j-nsp] LN2600: an 8SFP Branch SRX

https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] LN2600: an 8SFP Branch SRX

- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Phil Fagan Sent: Friday, August 02, 2013 10:12 AM To: Julien Goodwin Cc: juniper-nsp Subject: Re: [j-nsp] LN2600: an 8SFP Branch SRX Where do these rugged devices usually get put? Just outdoors? On Fri, Aug 2

[j-nsp] IKEv2 Compatablity

Anyone out there running IKEv2 with PKI on SRX? -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp