SRX

I have a SRX210 with fresh out of the box with a default configuration.  I configured a default static route in the routing-options but it is not appearing in the routing table.  All interfaces are up and there is a policy configured.

Any help would be appreciated.

Here is the configuration

## Last changed: 2014-03-14 02:08:43 UTC
version 10.0R3.10;
system {
host-name TIBCO-LAB-SRX;
authentication-order password;
root-authentication {
encrypted-password "$1$wxTBH1Kg$NErINoJBQE9ALBBwfy5Zx0";
}
name-server {
208.67.222.222;
208.67.220.220;
}
login {
user tibco {
full-name TIBCO;
uid 2000;
class super-user;
authentication {
encrypted-password "$1$dLiwlPfn$aXfxPV/azrmEksmCDbDYm.";
}
}
}
services {
ssh;
telnet;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;
}
}
dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings ge-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
interface-range interfaces-trust {
member ge-0/0/1;
member fe-0/0/2;
member fe-0/0/3;
member fe-0/0/4;
member fe-0/0/5;
member fe-0/0/6;
member fe-0/0/7;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.199.45/30;
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.199.45;
}
}
policy-options {
policy-statement Routing {
term rtng {
from {
family inet;
protocol static;
rib inet.0;
interface vlan.0;
metric 5;
preference 5;
}
to {
family inet;
protocol static;
rib inet.0;
interface ge-0/0/0.0;
metric 5;
preference 5;
}
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}

---

@miacovino wrote:

ge-0/0/0 {
  unit 0 {
    family inet {
      address 192.168.199.45/30;
    }
  }
}

[...]

routing-options {
  static {
    route 0.0.0.0/0 next-hop 192.168.199.45;
  }
}

You've got the next hop for your static route pointing at the SRX's interface, so you don't have a valid [resolvable] next hop.

You'll either want your next-hop for your static route to be 192.168.199.46, or your SRX's interface IP should be .46 if your next hop really is .45.

Thanks for pointing out the typo, I factory reset the old configuration to try again and didn't notice the mistake.  Default route is now working.

Mike

---

 

version 10.0R3.10;

---

Also, you'll want to upgrade the code to something recent.

10.0 is ancient.