Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-21 Thread Mike Devlin
ust zone, as follows > >>>>>> > >>>>>> zones { > >>>>>> security-zone trust { > >>>>>> tcp-rst; > >>>>>> host-inbound-traffic { > >>>>>> system-service

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread ashish verma
host-inbound-traffic { >>>>>> system-services { >>>>>> any-service; >>>>>> } >>>>>> protocols { >>>>>> all; >>>>>> } >>>>>

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
{ >>>>>> any-service; >>>>>> } >>>>>> protocols { >>>>>> all; >>>>>> } >>>>>> } >>>>>> interfaces { >

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Gabriel Blanchard
es { >>>>> all; >>>>> } >>>>> } >>>>> } >>>>> >>>>> Will this accomplish what you are suggesting? >>>>> >>>>> >>>>> >>>>> >>>>>

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
} >>>>> } >>>>> interfaces { >>>>> all; >>>>> } >>>>> } >>>>> } >>>>> >>>>> Will this accomplish what you are suggesting? >>>>> >

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bjørn Tore
t;>> Will this accomplish what you are suggesting? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 2013-03-20 11:52 AM, "Patrick Dickey" wrote: >>>> >>>>> I don&

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
>>>> Will this accomplish what you are suggesting? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 2013-03-20 11:52 AM, "Patrick Dickey" >>>>wrote: >>>>

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Patrick Dickey
t;>> >>>> I don't remember if the J series behaves exactly like the SRXs when it >>>> comes >>>> to IPSec, but if it is make sure to put the st0.x interface into a >>>> security >>>> zone and have a security policy allowing the traffic. >>&

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
he st0.x interface into a >>> security >>> zone and have a security policy allowing the traffic. >>> >>> I believe that's only a requirement if you're running the enhanced >>> services/security code on the J, but I think you have to be to

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Richard Gross
> zone and have a security policy allowing the traffic. > >> > >> I believe that's only a requirement if you're running the enhanced > >> services/security code on the J, but I think you have to be to get > IPSec. > >> > >> HTH > >> > >>

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Aaron Dewell
I believe that's only a requirement if you're running the enhanced >> services/security code on the J, but I think you have to be to get IPSec. >> >> HTH >> >> >> -Original Message- >> From: juniper-nsp-boun...@puck.nether.net >> [mailto:ju

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
rity code on the J, but I think you have to be to get IPSec. > >HTH > > >-Original Message- >From: juniper-nsp-boun...@puck.nether.net >[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Bill Sandiford >Sent: Wednesday, March 20, 2013 8:47 AM >To: juniper-

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Werner le Grange
Check the MTU of the physical interface. Some GigE interface modules on the J-Series routers only support 9014 bytes; Junos allows you to set it to 9192. Try to drop the MTU value to 9000 bytes. On Wednesday, March 20, 2013, Bill Sandiford wrote: > Here is some output…IP addresses sanitized with x.x

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Patrick Dickey
t: [j-nsp] Help needed with IPSEC VPN on J-Series Hi All, I need some help with an IPSEC tunnel that I just can't seem to get working on a J-6350. I have been able to get the tunnels to come up, but can't seem to pass traffic over the tunnels. I've done the usual things. I've c

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
Here is some output…IP addresses sanitized with x.x.x.x of course > show security ipsec security-associations Total active tunnels: 1 ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys <131073 x.x.x.x 500 ESP:3des/md5 28c1a297 2675/ 838856 - root >1310

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bjørn Tore
Are the st-interfaces UP? What does show security ipsec security-associations say? (Am offline; spellcheck needed...) Bjørn Tore @ mobile On 20 March 2013 at 15:46, Bill Sandiford wrote: > Hi All, > > I need some help with an IPSEC tunnel that I just can't seem to get working > on a J-6350.

[j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
Hi All, I need some help with an IPSEC tunnel that I just can't seem to get working on a J-6350. I have been able to get the tunnels to come up, but can't seem to pass traffic over the tunnels. I've done the usual things. I've created an st0.0 interface and bound it to the tunnel using the bi