Hey All,
I am having trouble getting a configuration to work on my SRX240, and I hope someone can provide some assistance and/or advice.
ge0/0/0 = uplink network, I have defined it as 192.168.0.2/30 (192.168.0.1/30 comes from the other router)
ge0/0/1 = a mini network 192.168.12.1/30 (a server is connected directly to this port)
ge0/0/2 = mini network 192.168.13.1/24
ge0/0/15 = management for the srx240
All I want is for all networks to be able to
- go from ge0/0/0 to ge0/0/1 and reverse
- go from ge0/0/0 to ge0/0/2 and reverse
- go from ge0/0/1 to ge0/0/2 and reverse (optional)
status now
At this moment, "from the router" I can ping everything (192.168.0.1, 192.168.0.2, 192.168.12.1, 192.168.12.2 etc.)
once i connect a computer at ge0/0/2 (from 192.168.13.2) and I want to
- ping to ge0/0/0 192.168.0.2 (port on the srx), it works
- ping to ge0/0/0 192.168.0.1, it doesnt work
- ping to ge0/0/1 192.168.12.1 (port on the srx), it doesnt work
- ping to ge0/0/1 192.168.12.2 (server behind the srx), it doesnt work
Can someone have a look and maybe point me in the right direction? By the way, I don't need the SRX to handle firewalling, security etc...
/* Routed (family inet) addressing for the four ports in use: uplink, two small networks and a maintenance port. */
interfaces {
/* Uplink towards the other router (192.168.0.1 is the next hop of the static default route). */
ge-0/0/0 {
gigether-options {
auto-negotiation;
}
unit 0 {
/* NOTE(review): the description says /16 but the address configured below is a /30. The description is only a label, but align it so it does not mislead. */
description "uplink 192.168.0.1/16";
family inet {
address 192.168.0.2/30;
}
}
}
/* Point-to-point /30 towards the directly attached server (192.168.12.2 according to the post). */
ge-0/0/1 {
gigether-options {
auto-negotiation;
}
unit 0 {
description "mini network 1 192.168.12.1/30";
family inet {
address 192.168.12.1/30;
}
}
}
/* /24 client network; the test computer in the post is 192.168.13.2. */
ge-0/0/2 {
gigether-options {
auto-negotiation;
}
unit 0 {
description "mini network 2 192.168.13.1/24";
family inet {
address 192.168.13.1/24;
}
}
}
/* Maintenance port; this is the only interface bound to security-zone trust in the zones stanza. */
ge-0/0/15 {
gigether-options {
auto-negotiation;
}
unit 0 {
description "maintenance 192.168.15.1/30";
family inet {
address 192.168.15.1/30;
}
}
}
}
/* Routing: a single static default route via the uplink router, plus a rib-group applied to interface routes. */
routing-options {
interface-routes {
/* NOTE(review): the rib-group "inside" defined below lists only inet.0, so it does not appear to copy interface routes into any additional table; confirm whether it is needed. */
rib-group inet inside;
}
static {
/*
 * Default route towards the uplink router.
 * NOTE(review): for replies to reach 192.168.12.0/30 and 192.168.13.0/24, the router at 192.168.0.1
 * needs routes back to those prefixes via 192.168.0.2, or the traffic must be source-NATed on the way out.
 * Neither is visible in this listing; this would explain pings to 192.168.0.1 failing from 192.168.13.2
 * while pings from the SRX itself succeed. Verify on the upstream router.
 */
route 0.0.0.0/0 next-hop 192.168.0.1;
}
rib-groups {
inside {
import-rib inet.0;
}
}
}
/* NOTE(review): spanning tree is enabled, but every interface shown in this listing is a routed family inet unit; confirm whether stp is needed at all. */
protocols {
stp;
}
security {
/*
 * Source NAT: traffic going from zone trust to zone untrust is translated to the egress interface address.
 * NOTE(review): in this listing zone untrust has no interfaces and zone trust holds only ge-0/0/15.0,
 * so this rule-set cannot match traffic from mininetwork1 or mininetwork2 towards uplink.
 * Those networks leave the SRX with their original source addresses.
 */
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
/* Matches every source address. */
source-address 0.0.0.0/0;
}
then {
source-nat {
/* Translate to the address of the outgoing interface. */
interface;
}
}
}
}
}
}
/*
 * Screen profile "untrust-screen": ping-of-death, IP source-route option, teardrop, SYN-flood thresholds and land-attack checks.
 * NOTE(review): the zones stanza attaches this profile only to security-zone untrust, which has no interfaces.
 * The uplink zone (ge-0/0/0.0) has no screen statement, so none of these checks apply to traffic arriving on the uplink.
 */
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
/*
 * Security zones: each data interface sits in its own zone, so all transit traffic between ports is inter-zone
 * and needs a matching entry in the policies stanza.
 * Every zone with an interface allows all system-services and all protocols inbound to the SRX itself.
 */
zones {
/* Holds only the maintenance port ge-0/0/15.0. */
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/15.0;
}
}
/* NOTE(review): this zone has the screen profile attached but no interfaces, so nothing is ever classified into it. */
security-zone untrust {
screen untrust-screen;
}
/*
 * NOTE(review): "all" exposes every enabled management service and routing protocol of the SRX to the uplink side.
 * If the uplink is not fully trusted, narrow this to what is needed (for example ping only),
 * and consider attaching the screen profile to this zone.
 */
security-zone uplink {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0;
}
}
security-zone mininetwork1 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/1.0;
}
}
security-zone mininetwork2 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/2.0;
}
}
}
/*
 * Inter-zone policies. Every policy below is permit any/any/any with no logging.
 * Zone pairs present: trust -> untrust/trust/uplink/mininetwork1/mininetwork2,
 * uplink <-> mininetwork1 and uplink <-> mininetwork2.
 * NOTE(review): there is no mininetwork1 <-> mininetwork2 pair and nothing towards zone trust from the other zones.
 * Unless a default-policy permit-all exists outside this listing, traffic for those pairs is dropped.
 * This presumably also covers pings from 192.168.13.2 to 192.168.12.1 and 192.168.12.2,
 * which enter in mininetwork2 and target addresses in mininetwork1. Confirm against the platform documentation.
 * NOTE(review): the policy names "trust-to-untrust" and "trust-to-trust" are reused for unrelated zone pairs.
 * Names are only labels, but renaming them per zone pair would make session and log output easier to read.
 */
policies {
/* NOTE(review): zone untrust has no interfaces, so this pair cannot match any traffic. */
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* Maintenance zone outbound to the three data zones. No return pairs are defined for sessions initiated from those zones. */
from-zone trust to-zone uplink {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone mininetwork1 {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone mininetwork2 {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/*
 * Uplink-initiated traffic into both internal networks is fully permitted.
 * NOTE(review): together with the missing screen on the uplink zone, anything upstream can open sessions to the server and clients.
 * Restrict source, destination and application if the uplink is not fully trusted.
 */
from-zone uplink to-zone mininetwork1 {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone uplink to-zone mininetwork2 {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* Internal networks outbound to the uplink. */
from-zone mininetwork1 to-zone uplink {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone mininetwork2 to-zone uplink {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
}