Greetings
Hope all is well.
I need to check if Juniper's BGP extended community settings are compatible
with Cisco's BGP extended community settings.
Is it possible to intercommunicate Juniper's BGP extended community with
Cisco BGP extended community ?
Defining BGP Extended Communities for Use
Greetings
Am trying to find more details about Juniper Paragon but the data sheets
does not have what am looking for : (number of devices, LSPs scale, vpn
scale)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/list
Greetings
I received a question from a customer who already has SRXs in place and is
considering network expansion.
>From SD-WAN perspective , per my understanding, all devices to be
managed/controlled by Mist dashboard , what about the devices
currently with CSO scope from management perspective?
Greetings
Just wanted to clarify something regarding the SD-WAN solution.
Usually CSO was the SD-WAN controller , but now I cannot see it mentioned
in the datasheets, which means the 128T conductor will take place? Or the
integration with Mist will drive the story to Mist cloud to control?
Apprecia
Greetings
I am working with a customer of mine for SD-WAN deployment , the issue the
customer raised is for couple of Cisco routers that he needs to be managed
through CSO , am not sure if there is any capabilities for that but anyone
faced this issue please feed me back.
Appreciated.
Greetings
Hope all is well.
AM working with my customer on a refresh for switches and I have been asked
to check the buffer size for EX4300-48MP but I cannot find any relevant
information.
Any guidance is appreciated.
___
juniper-nsp mailing list juniper
> -KV
>
> -Original Message-
> From: juniper-nsp On Behalf Of Kody
> Vicknair
> Sent: Monday, June 7, 2021 8:59 AM
> To: Mohammad Khalil ; Juniper List <
> juniper-nsp@puck.nether.net>
> Subject: Re: [j-nsp] SRX300 stuck in loader
>
> *External Email:
Greetings
My firewall SRX300 stuck in loader , I brought a large USB , formatted it
and downloaded the image.
https://www.juniper.net/documentation/en_US/junos12.1x44/topics/task/installation/security-junos-os-boot-loader-usb-storage-device-srx-series-device-installing.html
The issue is that it doe
Greetings all
I deployed Juniper SD-WAN for one of my customers a year ago.
However , I know that Juniper acquired 128T and they recently started to
change the relative data sheets , what I am seeking to know is the
deployment for which Juniper will choose 128T edges to be deployed instead
of SRX o
Greetings all
I have replaced my SRX 300 due to failure and using the RMA tool I have
moved the licenses to the new box and activated the licenses using CLI:
tbzadmin@FW-MC# run show system license
License usage:
Licenses LicensesLicensesExpiry
Feature
Hi all
I am aware about the Zero Touch Provisioning process for SD-WAN , what am
trying to find per my customer request is how this process will work if no
Internet connectivity will be in place?
Appreciated.
___
juniper-nsp mailing list juniper-nsp@puck
Hi all
I have accessed the partner portal looking for MTBF for MX routers as my
customer requester but cannot find any clue.
Anyone can help?
Thanks
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/junipe
Greetings all
I have a question if anyone can answer me:
Does Juniper EX3200 switch have the function of a supplicant 802.1x (the
switch can be connected to another switch with the 802.1x authentication
mechanism enabled).
I have went through the below link but did not answer my question fully.
Ins
, 26 Nov 2020 at 15:23, Mohammad Khalil wrote:
> >
> > Greetings
> > Am trying to find out the EoL for MX104 but cannot find it in the
> > below link:
> > https://support.juniper.net/support/eol/hardware/m_series/
> >
> > Thanks in advance
> > __
Greetings
Am trying to find out the EoL for MX104 but cannot find it in the
below link:
https://support.juniper.net/support/eol/hardware/m_series/
Thanks in advance
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/
Hi all
I have the below alarm on my SRX300:
tbzadmin@FW-PB-NEW> show chassis alarms
1 alarms currently active
Alarm time Class Description
2020-10-26 14:19:22 UTC Minor Host 0 Boot from backup root
Am following up on some links to solve the issue:
tbzadmin@FW> request system snaps
Can I use the web generated link to send the file to the SRX box?
https://cdn.juniper.net/software/junos/15.1X49-D230/junos-srxsme-15.1X49-D230-domestic.tgz?SM_USER=xx...@bluezonejordan.com&__gda__=1603804883_8b2ff7114f49ebd48787c32ba78d7720
On Wed, 28 Oct 2020 at 19:42, Mohammad Khalil w
gine'
>
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
> Of Mohammad Khalil
> Sent: Thursday, October 22, 2020 3:13 PM
> To: Juniper List
> Subject: [j-nsp] SRX300 Sudden Reboot
>
> Greetings
> I have SRX300
Greetings
I have SRX300 which is running normally for long time except for the last
two weeks where I have suffered from sudden reboot.
Model: srx300
Junos: 15.1X49-D70.3
JUNOS Software Release [15.1X49-D70.3]
Nothing has been changed or added and nothing in the log messages is
related to this.
As
Greetings
I am working on RFP and am proposing MX104 MS-MIC for edge deployment.
What I have been asked is in Cisco ESP , there is a separate process for
each function such as for NAT there is a process , for IPSEC this is a
process.
In MX104 , is there a segregated process for each service?
Thank
Hi all
Am trying to conduct a comparison for campus refresh , my end customer is
deeply interested in deep details.
He is interested to know the buffer size of Juniper switches (EX series)
and I could not find such a piece of information in any place.
If anyone has an idea it would be appreciated.
report it
>
>
> On 4/6/20, 8:13 AM, "Mohammad Khalil" wrote:
>
> Greetings
> Hope all is good
> I have SRX300 and I used to connect to it using dynamic VPN (Only two
> concurrent connections were allowed).
> I have purchased dynamic-vpn-5-
Greetings
Hope all is good
I have SRX300 and I used to connect to it using dynamic VPN (Only two
concurrent connections were allowed).
I have purchased dynamic-vpn-5-users - Dynamic VPN , but am limited now to
5 per the new license , does that mean the new license override?
Thanks
Thank you very much.
On Tue, 26 Nov 2019 at 22:33, Roger Wiklund wrote:
> Here you go
>
>
> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/understanding_media_access_control_security_qfx_ex.html#jd0e108
>
>
> On Tue, Nov 26, 2019 at 9:29 PM Moh
Thanks Roger for the kind feedback.
Is there any HW related documentation I can use for this?
On Tue, 26 Nov 2019 at 22:28, Roger Wiklund wrote:
> Hi
>
> MX204 does not support MACsec, it lacks the hardware for it.
>
>
>
> On Tue, Nov 26, 2019 at 9:04 PM Mohammad Khalil
ment. Depending on what the
> requirements are, the MX204 may be able to secure the L2 elements for your
> customer.
>
> HTH,
> Graham
>
> Graham Brown
> Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
> LinkedIn <http://www.linkedin.com/in/grahamcbr
Dears
I am working with a customer and MX204 is in play.
The customer concern is MACsec feature support , I have read around
that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA for
MACsec and MACsec with fallback PSK are which related to allow exchanging
and establishing Macsec conn
Hi All
Am working with a customer of mine for DC refresh project.
Per the requirements , I have been asked about VTEP scale numbers for our
proposed switches which I cannot find to be honest.
Our product is QFX5120-48Y
Any ideas would be appreciated.
Thanks
BR,
Mohammad
_
10k different remote PE. LDP/BGP affects the answer.
>
> It would be far more reasonable to say 'this is scale I need, will it
> work', some might be able to answer, ideally you'd test it yourself or
> ask vendor PS/AS to test it for you.
>
> On Thu, 29 Aug 2019 at
Greetings all.
Am trying to find how many pseduwires are supported on MX10 with no luck.
Any ideas?
Appreciated.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Greetings all
I was looking for document to validate if Juniper EX2300 supports Kerberos
authentication with no luck
Any ideas?
Thanks!
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Greetings all
I am in a discussion with a customer and am trying to propose him SD-WAN
solution but needs pricing subscription/perpetual in order show it to his
upper management , anyone has an idea?
Thanks!
___
juniper-nsp mailing list juniper-nsp@puck
state
> they don't have to do as the SRX isn't one of their products) or Juniper
> comes out with a new client (which I've heard is suppose to be coming,
> but no ETA) - using the dynamic VPN function on any SRX really isn't a
> reliable option... at least from my ex
Dears
I have Juniper SRX210h configured with multiple IPSEC site to site VPNs
which are still working!
I have configured dynamic VPN (remote access) which was working and stopped
working since a while for all configured users and I have no idea of the
root cause
Any ideas guys?
Appreciated
BR,
Dears
Hope this finds you well
I have been struggling with a new Juniper SRX300 since a while with no luck
The setup is so easy , static IP address from the WAN
When connecting a laptop I can access the GW as well as the Internet
But the box itself is not even reaching the GW!
I did also an upgrade
And I cannot find the command : set system services dhcp propagate-settings
On Wed, 12 Dec 2018 at 11:12, Mohammad Khalil wrote:
> I have followed the below link:
>
> https://www.redelijkheid.com/blog/2017/2/13/juniper-srx-and-dhcp-client-challenge
>
> As per many articles speci
bugs in -D70.
>
> --
> Eldon
>
> On Mon, Dec 10, 2018 at 8:42 AM Mohammad Khalil
> wrote:
>
>> I cannot do the upgrade right now as I have to do the setup so quickly
>> What features should I enable ?
>>
>> On Mon, 10 Dec 2018 at 17:40, Eldon Koyle
train, which is
> 15.1X49-D150.
>
> --
> Eldon
>
> On Mon, Dec 10, 2018 at 1:00 AM Mohammad Khalil
> wrote:
>
>> Hello all
>> I have an old SRX which I configured it is WAN IP address using the below
>> command:
>> set interfaces ge-0/0/0 unit 0 family
Hello all
I have an old SRX which I configured it is WAN IP address using the below
command:
set interfaces ge-0/0/0 unit 0 family inet address dhcp
Now , I have replaced the box with a newer one (srx300 15.1X49-D70.3) but I
cannot find the command itself
I have tried the below:
set interfaces ge-
Dears
I have a new Juniper SRX300
I have downloaded the driver for it (mini USB) and tried to access ti via
console with no luck
The console shows connected but nothing appears on the terminal
Tried to disable flow control and the same
Am using Putty
Any advice ?!
_
Dears
I have formatted the USB using FAT32 , placed the image
Physical reset took place and now the nand_format is repeating itself !
On Sun, 11 Nov 2018 at 15:12, Mohammad Khalil wrote:
> Thanks mate for the help
> Actually , am stuck at the => and cannot reach the loader
> I
pshort
> media usb factory" to the USB stick and afterwards insert that stick
> into the faulty SRX and force it to boot from there.
>
>
>
> Am Sonntag, den 11.11.2018, 14:43 +0200 schrieb Mohammad Khalil:
> > Ops , but it did not work either
> > Nand form
I cannot see : "loading /boot/defaults/loader.conf" when I reset the device
BR,
Mohammad
On Sun, 11 Nov 2018 at 14:43, Mohammad Khalil wrote:
> Ops , but it did not work either
> Nand format failed
>
> BR,
> Mohammad
>
> On Sun, 11 Nov 2018 at 14:46, Jona
Ops , but it did not work either
Nand format failed
BR,
Mohammad
On Sun, 11 Nov 2018 at 14:46, Jonas Frey wrote:
> Hi Mohammad,
>
> thats a typo, its nand_format (note the underscore).
> Am Sonntag, den 11.11.2018, 05:31 -0500 schrieb Mohammad Khalil:
> > => reset
> >
.net/t5/SRX-Services-Gateway/Boot-problem-of-UBoot-srx240-having-status-LED-red/td-p/211103
>
> Regards,
>
> Muhammad Atif Jauhar
> (+966-56-00-04-985)
>
>
> On Sun, Nov 11, 2018 at 11:36 AM Mohammad Khalil
> wrote:
>
>> Hello all
>> I have my Juniper SR
Hello all
I have my Juniper SRX 100h stuck in the u-boot mode
I have tried to download a new image on a USB stick , plugged it into the
device and tried to upgrade with no luck
Looked around but could not find a solution , anyone can help please?
BR,
Mohammad
__
Hi all
I have configured an IPSEC tunnel between two SRX boxes
I can see the tunnels are up from both firewalls but the ICMP is working
from one end and not working from the other end!
I have checked the security policies and I can see everything is normal
Any advice will be appreciated
BR,
Moha
http://fancy.filmranger.com
Mohammad Khalil
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
http://speak.noahnoble.com
Mohammad Khalil
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
http://popular.aliveandwellinkansas.com
Mohammad Khalil
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
security zones security-zone untrust host-inbound-traffic
system-services snmp
set security zones security-zone untrust host-inbound-traffic
system-services snmp-trap
On 17 April 2018 at 13:00, Louis Kowolowski
wrote:
> On Apr 17, 2018, at 2:03 AM, Mohammad Khalil wrote:
>
>
> Hi al
Hi all
I have configured an IPSEC between my SRX210 and a provider who will
provide monitoring services
The IPSEC is up and running and I can reach from my internal servers (LAN)
to their monitoring servers (remote LAN) via ICMP , but they cannot pull
any data through my SNMP
I have configured the
Hi all
I am not that expert with SRX and I need some guidance please
I have connected ge-0/0/0 to my uplink provider and got the public IP
I have established an IPSEC tunnel with another SRX in order for the
printer connected to ge-0/0/1 to have connectivity to another management
software on the ot
Hi all
Am trying to upgrade the software on my of my MX 240 routers
I have determined the image I need , what am trying to do is to use the run
copy file URL command but am unable to :
ssh: https: hostname nor servname provided, or not known
error: file-fetch failed
error: could not fetch local co
ces diagnostics optics ge-x/y/z
>
> HTH
>
> Thx
> Alex
>
> On 05/03/2017 10:51, Mohammad Khalil wrote:
>
> As well , I have checked the log messages , and I can see the below message:
> RPD_ISIS_ADJDOWN : ISIS lost L2 adjacency reason 3-way handshake
>
> BR,
>
: Unlimited
Protocol multiservice, MTU: Unlimited
On 5 March 2017 at 13:19, Mohammad Khalil wrote:
> The inet MTU shows as 1578 , so I have pinged as below:
> run ping 10.0.0.10 size 1550 do-not-fragment
> sometime it shows packet loss and sometimes no
>
> On 5 March 2017 a
nar Haug, Nethelp consulting, sth...@nethelp.no
>
> >
> > BR,
> > Mohammad
> >
> > On 5 March 2017 at 12:24, Mohammad Khalil wrote:
> >
> > > Hi
> > > I have removed the whole filter from the lo0 interface and the same
> applies
> > &
As well , I have checked the log messages , and I can see the below message:
RPD_ISIS_ADJDOWN : ISIS lost L2 adjacency reason 3-way handshake
BR,
Mohammad
On 5 March 2017 at 12:24, Mohammad Khalil wrote:
> Hi
> I have removed the whole filter from the lo0 interface and the same applies
Hi
I have removed the whole filter from the lo0 interface and the same applies
BR,
Mohammad
On 5 March 2017 at 12:03, wrote:
> > I have a BFD session between two routers (which was working normally)
> > Currently , the session is down from one side and init from the other
> side
> > The ISIS ad
Hi all
I have a BFD session between two routers (which was working normally)
Currently , the session is down from one side and init from the other side
The ISIS adjacency is up
What could be the issue?
BR,
Mohammad
___
juniper-nsp mailing list juniper-ns
Thanks all
BR,
Mohammad
On Wed, Oct 12, 2016 at 10:04 PM, Nik Geyer wrote:
> https://fwmig.cisco.com/
>
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
> Of Mohammad Khalil
> Sent: Wednesday, 12 October 2016 5:11 AM
Dears
Is there a tool that can help in converting from Juniper ISG-2000 to Cisco
ASA ?
Thanks in advance
BR,
Mohammad
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
set routing-options aggregate defaults preference 250
set routing-options aggregate route 192.168.1.0/19
set routing-options aggregate route 192.168.2.0/20
set routing-options aggregate route 192.168.3.0/21
set policy-options community ALL-COMM members *:*
set policy-options community From-ARBOR m
Hello all
I want to translate from Junos to IOS , I have checked the tool on Juniper
website , it translates from IOS to Junos not vice versa , any ideas guys?
Thanks in advance
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether
Thanks Mark
I just want to check if the configuration I pasted do work (actually am
testing this in GNS3 and am not sure if it will work due to limitations)
On Tue, Apr 19, 2016 at 10:11 AM, Mark Tinka wrote:
>
>
> On 19/Apr/16 08:59, Mohammad Khalil wrote:
>
> > Hi Mark
>
option will be the more scalable and is there any limitation from
the ASR9K line card ?
BR,
On Tue, Apr 19, 2016 at 9:47 AM, Mark Tinka wrote:
>
>
> On 19/Apr/16 08:42, Mohammad Khalil wrote:
> > Thanks a lot Aaron , much appreciated
> > So , VPLS (Cisco term) is operable
Thanks a lot Aaron , much appreciated
So , VPLS (Cisco term) is operable with Juniper
Now , the l2circuit configuration I posted is functional ?
Because I want to propose my customers all options :)
BR,
Mohammad
On Mon, Apr 18, 2016 at 10:27 PM, Aaron wrote:
> you didn't tell me whether you wan
sco config for ASR9k 5.1.3 and ME3600 15.4.x
>
> I interoperated ACX, MX, 9K, Me3600, and I think I actually had Cisco
> ASR903
> and ASR920 working with all this toosimultaneously and I recall all
> worked together.
>
> Which config would you like me to dig for ?
>
>
, 2016 at 2:47 PM, Mohammad Khalil wrote:
> Thanks Steinar
> So we are talking about xconnect from Cisco side and l2circuit from
> Juniper side right?
> Do you have a running template please?
>
> Thanks in advance
>
> BR,
> Mohammad
>
> On Mon, Apr 18, 2016 at 1:4
Thanks Steinar
So we are talking about xconnect from Cisco side and l2circuit from Juniper
side right?
Do you have a running template please?
Thanks in advance
BR,
Mohammad
On Mon, Apr 18, 2016 at 1:49 PM, wrote:
> > Am trying to configure MPLS L2VPN between Cisco and Juniper
> > I know in Cis
Hi all
Am trying to configure MPLS L2VPN between Cisco and Juniper
I know in Cisco VPLS and xconnect
In juniper l2vpn and l2circuit (Kompella and Martini respectively)
What are the compatible methods to follow in this case?
BR,
Mohammad
___
juniper-nsp m
Dears
I have two ISG1000 firewalls , with clustering enabled
I faced some issues with my primary firewall , I restarted the box and when
I checked the configuration it was empty
My concern is , If I have a backup configuration file and I imported back ,
the clustering will work fine again directly
015 at 4:34 PM, Mohammad Khalil wrote:
> Hi , the issue is that I cannot ask the SP to change his router-id neither
> do I can from my side as I have many active sessions
> The issue am trying to resolve now is even if the MPLS LDP neighbor became
> up , the targeted LDP session is pas
We have customer at both ends that need to establish L2VPN
BR,
Mohammad
On Fri, Aug 7, 2015 at 1:39 AM, Craig Whitmore wrote:
> > According to what I know , the router can only have one LDP router-id
>
> > I have one of my PEs (Cisco) configured with a private IP address
> (loopback
> > 0) and
Hi all
I have a cisco/juniper case
According to what I know , the router can only have one LDP router-id
I have one of my PEs (Cisco) configured with a private IP address (loopback
0) and is configured as MPLS LDP router-id
I have a new connection with an uplink provider with Juniper being his
t
Hi all
I have a case where my router is connected to the upstream provider via two
physical links , we decided to configured eBGP over a loopback interface
The issue is that when the remote peer goes down (over which I have learned
the loopback from through static routing) , the route will still be
ftware Suite [10.0R3.10]
BR,
Mohammad
On Thu, Jun 11, 2015 at 9:42 AM, Dale Shaw
wrote:
> Hi Mohammad,
>
> On Thu, Jun 11, 2015 at 4:32 PM, Mohammad Khalil
> wrote:
> >
> > I have mx480 in place and I am having the below log messages
> >
> > Jun 8 18:23:10 CR
Hi all
I have mx480 in place and I am having the below log messages
Jun 8 18:23:10 CR01-A fpc5 NH: Failed to find nh (1657) for deletion
Jun 8 18:23:10 CR01-A fpc5 NH: Failed to find nh (1629) for deletion
Jun 8 18:49:25 CR01-A fpc5 NH: Failed to find nh (1627) for deletion
Jun 8 18:49:25 C
Hi all
I was reading some terms regarding BGP route reflectors and read the terms
in-band and out-of-band route reflectors , I searched to see the difference
but honestly nothing clear about it , can anyone please explain ?
Thanks
___
juniper-nsp mailing
ly installed in the
> box. NOTE: If you have SFP+ ports they will not show as ge- or xe- until
> the optic slot is populated since their personality can change with the
> module.
>
>
> > On Jan 13, 2015, at 8:28 AM, Mohammad Khalil wrote:
> >
> > Hi all
> >
Hi all
How can I know if My device supports 10G interfaces?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Thanks for the great help
On Wed, Jul 23, 2014 at 3:41 PM, Alexander Arseniev wrote:
> http://www.password-decrypt.com
> allows you to decrypt Juniper $9$ passwords and Cisco 7 passwords.
>
> HTH
> Thanks
> Alex
>
>
> On 23/07/2014 11:34, Mohammad Khalil
Hi , I have some authentication keys I need to retrieve on Juniper boxes
(MX480 , MX240)
I know in Cisco we can do that even with key chain and then show the key
chain to reveal the output
set security authentication-key-chains key-chain ISIS-BFD key 1 secret
"$9$.f5zCA0REyZUn/A0hcwY2"
set protoco
Hi all
I want to influence the outbound traffic for certain prefix , I prepared
the below , just want to make sure it's correct
set policy-options policy-statement LOCAL_PREF term TEST from route-filter
x.x.x.x/24 exact
set policy-options policy-statement LOCAL_PREF term TEST from as-path
inbound-p
Hi guys , can anyone assist with the above configuration ?
I have tried the same with EX4200 and MX480 and did not work as well
BR,
Mohammad
On Wed, Jun 26, 2013 at 11:20 AM, Mohammad Khalil wrote:
> Hi and sorry for the late reply
> Please find the configuration I did
>
Hi all
I got the below log message on one of my EX4200 switches
Feb 23 16:00:10 B-AM022 login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
authentication error for user cusadmin
Feb 23 16:00:10 B-AM022 login: LOGIN_FAILED: Login failed for user
cusadmin from host 190.249.136.163
The issue is that this s
Hi all
I have configured an IPSEC VPN between two SRX firewalls and it was working
well
Something occurred and the tunnel went down
I have checked the interface terse output and found that the st0 interface
was up/down
I removed the configuration for the st0 interface and configured it again
and it
> --
> Payam Chychi
> Network Engineer / Security Specialist
>
> On Thursday, November 28, 2013 at 3:08 AM, Mohammad Khalil wrote:
>
> Ok I have changed the static IP address to 164 and the static NAT worked ,
> I will try the destination port again
>
>
> On Thu, Nov
Ok I have changed the static IP address to 164 and the static NAT worked ,
I will try the destination port again
On Thu, Nov 28, 2013 at 2:04 PM, Mohammad Khalil wrote:
> Ok i will give it a shot , but before that I have tried something
> different , I just want to configure static NAT (
security policies from-zone untrust to-zone trust policy
DNAT_ALTOS_POLICY then permit
and ping is not working !!
On Thu, Nov 28, 2013 at 1:58 PM, Per Westerlund wrote:
> No.
>
> /Per
>
> 28 nov 2013 kl. 11:53 skrev Mohammad Khalil :
>
> Should I add
Should I add static NAT statement ?
On Thu, Nov 28, 2013 at 1:26 PM, Mohammad Khalil wrote:
> No the session is not up , and I have changed the port to be 23 on both
> sides (junos-telnet) and still not working ?
>
>
> On Thu, Nov 28, 2013 at 1:04 PM, Per Westerlund wrote:
; network.
>
> /Per
>
> 28 nov 2013 kl. 10:32 skrev Mohammad Khalil :
>
> set security policies from-zone untrust to-zone trust policy
> DNAT_ALTOS_POLICY match application TELNET_DNAT
>
> to
>
> set security policies from-zone untrust to-zone trust policy
> DNAT_ALTOS_
ust to-zone trust policy
> DNAT_ALTOS_POLICY then permit
> --- snip
>
>
> 28 nov 2013 kl. 10:08 skrev Mohammad Khalil :
>
> set security policies from-zone untrust to-zone trust policy
> DNAT_POLICY match application junos-telnet
>
> But am already usi
>
> It can be helpful to trace the flow setup to see if there is any traffic
> at all, and where it fails.
>
> /Per
>
> 28 nov 2013 kl. 10:53 skrev Mohammad Khalil :
>
> Yes , it's in place with no luck
> set security nat source rule-set trust-to-untrust fro
borrowing some boilerplate configs.
>
> 28 nov 2013 kl. 10:41 skrev Mohammad Khalil :
>
> set security nat proxy-arp interface ge-0/0/0.0 address 24.173.164.162/32
> ?
>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Sorry but it did not work again
set security zones security-zone trust address-book address ALTOS_SERVER
132.147.160.3/32
set applications application TELNET_DNAT protocol tcp
set applications application TELNET_DNAT destination-port
set security nat destination pool DNAT_POOL address 132.14
set security policies from-zone untrust to-zone trust policy
DNAT_POLICY match application junos-telnet
But am already using right ? and junos-telnet is supposed to work in
23 ?
On Thu, Nov 28, 2013 at 12:04 PM, Mohammad Khalil wrote:
> Sorry but it did not work again
> set se
at 11:08 AM, Asad Raza wrote:
> Hi,
>
> DNAT is done before the policy match/route lookup. You need to allow
> x.x.x.x in the policy instead of y.y.y.y
>
> Regards,
>
> Asad
> On Nov 28, 2013, at 11:00 AM, Mohammad Khalil wrote:
>
> > Hi All
> > I h
Hi All
I have srx210h
I Have a server with an IP address x.x.x.x and want to allow telnet access
to it on different port (I chose ) , and assigned it the public IP
address y.y.y.y
But seems not working
set security zones security-zone trust address-book address SERVER
y.y.y.y/32
set applicatio
Hi all
Where can i find the study guide for the JNCIS SP?
Thanks
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
1 - 100 of 148 matches
Mail list logo