SRX

Hi,

I am having Juniper SRX240 trying to configure PPPOE broadband connection below are few details which i have

ISP: BSNL
PPPOE Authentication: CHAP
Username: pr2741_vpn@me.in
Password: password

I am trying place above information in Juniper srx240 below is my full CLI configuration, i have configured pp0.0 logical PPPOE interface and enabled ppp-encapsulation on ge/0/0/10.0 on which i have connected cable from ISP, but still i am able to get this interface up, please review the configuration and guide if am wrong at any place. 😞

## Last changed: 2012-10-21 13:25:49 IST
version 10.2R4.8;
system {
host-name RGIJ-engg;
time-zone Asia/Calcutta;
root-authentication {
encrypted-password "$1$0CZPqkNy$HMxCP/PSUdLBEhMhmN5Ku1";
}
name-server {
208.67.222.222;
208.67.220.220;
}
login {
user groundforce {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$SQdYsFfm$wcb8av7KpgYWn2MsBn9SI.";
}
}
user nishat {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$H/Ex2rG3$5/WsjcLZbwWf1sZ0fo7/d.";
}
}
user sysadmin {
uid 2002;
class super-user;
authentication {
encrypted-password "$1$aH2LlkMP$Ueip6BUpfgSBMzWzRcPj01";
}
}
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface [ vlan.0 ge-0/0/15.0 ];
}
https {
system-generated-certificate;
interface [ vlan.0 ge-0/0/15.0 ];
}
}
inactive: dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings ge-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
interface-range interfaces-trust {
member ge-0/0/1;
member ge-0/0/2;
member ge-0/0/3;
member ge-0/0/8;
member ge-0/0/9;
member ge-0/0/11;
member ge-0/0/12;
member ge-0/0/13;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/0 {
unit 0;
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 172.16.200.254/24;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.16.201.254/24;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/10 {
unit 0 {
encapsulation ppp-over-ether;
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/14 {
unit 0 {
family inet {
address 10.10.20.253/30;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/15 {
unit 0 {
family inet {
address 220.227.55.48/29;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
pp0 {
unit 0 {
ppp-options {
chap {
access-profile jweb-pp0;
local-name "pr2741_vpn@me.in";
no-rfc2486;
}
}
pppoe-options {
underlying-interface ge-0/0/10.0;
idle-timeout 0;
auto-reconnect 10;
client;
}
family inet {
mtu 1492;
negotiate-address;
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.50.62/26;
}
}
}
}
snmp {
view jweb-view-all {
oid .1 include;
}
community public {
view jweb-view-all;
authorization read-write;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 220.227.55.49;
route 192.168.0.0/16 next-hop 192.168.50.60;
}
}
protocols {
stp;
}
security {
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
static {
rule-set static-nat {
from zone untrust;
rule rule1 {
match {
destination-address 220.227.55.51/32;
}
then {
static-nat prefix 192.168.50.21/32;
}
}
}
}
proxy-arp {
interface ge-0/0/15.0 {
address {
220.227.55.51/32;
}
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
address-book {
address Director 192.168.53.11/32;
address Secretory 192.168.53.4/32;
address ICARD 192.168.55.7/32;
address Proxy_Server 192.168.50.1/32;
address DNS_Server 192.168.50.5/32;
address Registrar 192.168.53.12/32;
address wipro-msdn 192.168.52.196/32;
address raisoni 192.168.50.24/32;
address trendav 192.168.50.8/32;
address ITESERVER 192.168.50.17/32;
address ITECLIENT 192.168.50.18/32;
address eclient 192.168.50.20/32;
address eserver 192.168.50.19/32;
address blade5 192.168.53.1/32;
address blade1 192.168.52.216/32;
address blade2 192.168.50.11/32;
address blade3 192.168.55.20/32;
address blade4 192.168.50.14/32;
address server-2 192.168.55.239/32;
address acc-srv 192.168.50.42/32;
address PritamSir_Laptop 192.168.55.121/32;
address Tejal_oza 192.168.51.129/32;
address wad 192.168.55.112/32;
address sugandhi-sir 192.168.55.105/32;
address Rajesh 192.168.53.15/32;
address wds 192.168.50.65/32;
address abhi 192.168.50.50/32;
address cctv 192.168.53.38/32;
address sharma 192.168.53.8/32;
address principal 192.168.53.32/32;
address lib 192.168.53.17/32;
address manish 192.168.54.27/32;
address m 192.168.55.64/32;
address smahajan 192.168.55.55/32;
address Language 192.168.55.73/32;
address video_conf 192.168.50.22/32;
address store 192.168.53.21/32;
address office-aicte-desk 192.168.53.29/32;
address Niranjan 192.168.53.27/32;
address manish_note 192.168.55.220/32;
address account 192.168.53.19/32;
address savita_mam 192.168.53.16/32;
address ID 192.168.50.53/32;
address prashant_acc 192.168.53.26/32;
address sushil_acc 192.168.53.35/32;
address bhole_sir 192.168.53.22/32;
address vijay_ani 192.168.52.1/32;
address aims 192.168.53.24/32;
address sp 192.168.52.207/32;
address Lib_Server 192.168.50.11/32;
address Kavi_Rajput 192.168.53.12/32;
address **bleep**al 192.168.54.10/32;
address Hod_Rajput 192.168.53.91/32;
address Director_IT 192.168.53.39/32;
address pr 192.168.5.0/32;
address IIT 192.168.53.18/32;
address-set All_Open-Port {
address Director;
address Secretory;
address Proxy_Server;
address ICARD;
address DNS_Server;
address Registrar;
address wipro-msdn;
address raisoni;
address trendav;
address office-aicte-desk;
address ITESERVER;
address ITECLIENT;
address eclient;
address eserver;
address blade5;
address blade1;
address blade2;
address blade3;
address blade4;
address server-2;
address principal;
address ID;
address Kavi_Rajput;
}
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
ge-0/0/15.0 {
host-inbound-traffic {
system-services {
https;
}
}
}
ge-0/0/10.0;
}
}
security-zone MPLS {
interfaces {
ge-0/0/14.0;
}
}
security-zone servers {
interfaces {
ge-0/0/4.0;
}
}
security-zone Admin {
interfaces {
ge-0/0/5.0;
}
}
}
policies {
from-zone trust to-zone untrust {
policy video_conf {
match {
source-address video_conf;
destination-address any;
application any;
}
then {
reject;
}
}
policy trust-to-untrust {
match {
source-address [ DNS_Server Proxy_Server ];
destination-address any;
application [ junos-ftp junos-http junos-https junos-dns-udp junos-dns-tcp ];
}
then {
permit;
}
}
policy Proxy_LAN {
match {
source-address [ DNS_Server Proxy_Server ];
destination-address any;
application [ junos-dns-tcp junos-http junos-https junos-dns-udp junos-ftp ];
}
then {
permit;
log {
session-init;
session-close;
}
count;
}
}
policy RGIJ_ALL_OPEN {
match {
source-address [ Director Secretory Registrar DNS_Server Proxy_Server trendav PritamSir_Laptop Rajesh sharma principal acc-srv sugandhi-sir Director_IT account savita_mam store bhole_sir Tejal_oza wad sushil_acc prashant_acc sp cctv blade4 blade1 Niranjan Hod_Rajput eserver ICARD smahajan abhi server-2 ];
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy static-nat {
match {
source-address any;
destination-address video_conf;
application any;
}
then {
reject;
}
}
}
}
utm {
custom-objects {
url-pattern {
White_List {
value [ mysms.co.in www.bsnl.co.in www.rapidshare.com ];
}
Black_List {
value [ http://www.youtube.com/ http://www.facebook.com/ http://www.orkut.com ];
}
}
custom-url-category {
RGIJ_White_List {
value White_List;
}
RGIJ_Black_List {
value Black_List;
}
}
}
feature-profile {
web-filtering {
surf-control-integrated {
profile junos-wf-cpa-default {
category {
RGIJ_White_List {
action permit;
}
RGIJ_Black_List {
action block;
}
}
}
}
}
}
utm-policy RGIJ_web_filter {
anti-virus {
http-profile junos-av-defaults;
ftp {
upload-profile junos-av-defaults;
}
}
web-filtering {
http-profile junos-wf-cpa-default;
}
traffic-options {
sessions-per-client {
over-limit log-and-permit;
}
}
}
}
}
access {
profile jweb-pp0 {
client "pr2741_vpn@me.in" chap-secret "$9$iHPQF39pOR6987VYZG69Atu1";
}
profile pppoe {
client "pr2741_vpn@me.in" chap-secret "$9$4XoUHq.5F6AP5SeWxwsP5Qz39";
}
}
ethernet-switching-options {
voip;
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}

Hi

Without going through every line.  I have some suggestions for you.

Under interfaces, try

    pp0 {
        unit 0 {
            description PlusNet;
            ppp-options {
                chap {
                    default-chap-secret "PASSWORD";
                    local-name "USERNAME";
                    no-rfc2486;
                    passive;
                }
            }
            pppoe-options {
                underlying-interface ge-0/0/10.0;
                idle-timeout 0;
                auto-reconnect 5;
                client;
            }
            family inet {
                negotiate-address;
            }
        }
    }

 and you need to add a detault route for the PPP connection

routing-options {
    static {
        route 0.0.0.0/0 next-hop pp0.0;
        route 192.168.0.0/16 next-hop 192.168.50.60;
    }
}

I have tried your given script, modified my username / password in the given script still interface is not getting up

** i have tried dialing it through my PC by connecting cable directly to PC, it works, but with juniper and your given config it doesn't

Note: if i moniter PPPOE in Monitor TAB Juniper SRX240 Web Manager, It shows PADI Sent as status.

Plz help

Thanks in advance

Hi

Are you sure that you are using PPPoE.

If you have tried to PC and it works, does that mean that you have a PPoE client on your machine, or do you get an IP address via DHCP.

Can you explain a bit more about the device that the SRX is connected to?

I have connected it to the PC and used PPPOE client to connect for testing it works, also confirmed that it uses CHAP authentication.

It is an Cable Broadband Connection, and only provides PPPOE Connectivity.

Note: if you have help me as a freelancer for configuring this device, i can give you login details and if you give me your contact detials, i will call you and explain.

I also want to configure 2 WAN connection (1 is Static IP, 2nd is PPPOE) Link agreegation or Load balacing on the same device, if you can help me with that i can pay you let me know.

Thanks

Hi

I used to work for a Juniper channel partner, but I don’t any more.

I cannot do any freelance work due to my current job. Sorry.

I would suggest seeing if anyone else on this forum can assist, or contact a Juniper partner for consultancy.

Thanks, but can you please help me with this PPPOE issue, i will find link agreegation solution myself.

You need to make sure that you PP.0 and the ethernet interface that is connected to the PPPoE router/modem is in the untrust zone.  You will also need to make sure that the system-services is setup to DHCP/TFPT as well. E.G.

        security-zone untrust {
            screen untrust-screen;
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                    }
                }
                pp0.0;
            }
        }

 Please change this to reflect your SRX.

Sorry to disturb you again, i have tried this also still no sucess.

Please review my CLI config once .

## Last changed: 2012-10-22 16:24:14 IST
version 10.2R4.8;
system {
host-name RGIJ-engg;
time-zone Asia/Calcutta;
root-authentication {
encrypted-password "$1$0CZPqkNy$HMxCP/PSUdLBEhMhmN5Ku1";
}
name-server {
208.67.222.222;
208.67.220.220;
}
login {
user groundforce {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$SQdYsFfm$wcb8av7KpgYWn2MsBn9SI.";
}
}
user nishat {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$H/Ex2rG3$5/WsjcLZbwWf1sZ0fo7/d.";
}
}
user sysadmin {
uid 2002;
class super-user;
authentication {
encrypted-password "$1$aH2LlkMP$Ueip6BUpfgSBMzWzRcPj01";
}
}
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface [ vlan.0 ge-0/0/15.0 ];
}
https {
system-generated-certificate;
interface [ vlan.0 ge-0/0/15.0 ];
}
}
inactive: dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings ge-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
interface-range interfaces-trust {
member ge-0/0/1;
member ge-0/0/2;
member ge-0/0/3;
member ge-0/0/8;
member ge-0/0/9;
member ge-0/0/11;
member ge-0/0/12;
member ge-0/0/13;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/0 {
unit 0;
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 172.16.200.254/24;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/5 {
unit 0 {
family inet {
address 172.16.201.254/24;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/10 {
unit 0 {
encapsulation ppp-over-ether;
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/14 {
unit 0 {
family inet {
address 10.10.20.253/30;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/15 {
unit 0 {
family inet {
address 220.227.55.50/29;
}
inactive: family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
pp0 {
unit 0 {
description PlusNet;
ppp-options {
chap {
default-chap-secret "$9$-GdYoJZjqPQUj0IclLXUjHk.5";
local-name "pr2572262741_vpn@nme.in";
no-rfc2486;
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/10.0;
idle-timeout 0;
auto-reconnect 5;
client;
}
family inet {
mtu 1492;
negotiate-address;
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.50.62/26;
}
}
}
}
snmp {
view jweb-view-all {
oid .1 include;
}
community public {
view jweb-view-all;
authorization read-write;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 220.227.55.49;
route 192.168.0.0/16 next-hop 192.168.50.60;
}
}
protocols {
stp;
}
security {
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
static {
rule-set static-nat {
from zone untrust;
rule rule1 {
match {
destination-address 220.227.55.51/32;
}
then {
static-nat prefix 192.168.50.21/32;
}
}
}
}
proxy-arp {
interface ge-0/0/15.0 {
address {
220.227.55.51/32;
}
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
address-book {
address Director 192.168.53.11/32;
address Secretory 192.168.53.4/32;
address ICARD 192.168.55.7/32;
address Proxy_Server 192.168.50.1/32;
address DNS_Server 192.168.50.5/32;
address Registrar 192.168.53.12/32;
address wipro-msdn 192.168.52.196/32;
address raisoni 192.168.50.24/32;
address trendav 192.168.50.8/32;
address ITESERVER 192.168.50.17/32;
address ITECLIENT 192.168.50.18/32;
address eclient 192.168.50.20/32;
address eserver 192.168.50.19/32;
address blade5 192.168.53.1/32;
address blade1 192.168.52.216/32;
address blade2 192.168.50.11/32;
address blade3 192.168.55.20/32;
address blade4 192.168.50.14/32;
address server-2 192.168.55.239/32;
address acc-srv 192.168.50.42/32;
address PritamSir_Laptop 192.168.55.121/32;
address Tejal_oza 192.168.51.129/32;
address wad 192.168.55.112/32;
address sugandhi-sir 192.168.55.105/32;
address Rajesh 192.168.53.15/32;
address wds 192.168.50.65/32;
address abhi 192.168.50.50/32;
address cctv 192.168.53.38/32;
address sharma 192.168.53.8/32;
address principal 192.168.53.32/32;
address lib 192.168.53.17/32;
address manish 192.168.54.27/32;
address m 192.168.55.64/32;
address smahajan 192.168.55.55/32;
address Language 192.168.55.73/32;
address video_conf 192.168.50.22/32;
address store 192.168.53.21/32;
address office-aicte-desk 192.168.53.29/32;
address Niranjan 192.168.53.27/32;
address manish_note 192.168.55.220/32;
address account 192.168.53.19/32;
address savita_mam 192.168.53.16/32;
address ID 192.168.50.53/32;
address prashant_acc 192.168.53.26/32;
address sushil_acc 192.168.53.35/32;
address bhole_sir 192.168.53.22/32;
address vijay_ani 192.168.52.1/32;
address aims 192.168.53.24/32;
address sp 192.168.52.207/32;
address Lib_Server 192.168.50.11/32;
address Kavi_Rajput 192.168.53.12/32;
address **bleep**al 192.168.54.10/32;
address Hod_Rajput 192.168.53.91/32;
address Director_IT 192.168.53.39/32;
address pr 192.168.5.0/32;
address IIT 192.168.53.18/32;
address-set All_Open-Port {
address Director;
address Secretory;
address Proxy_Server;
address ICARD;
address DNS_Server;
address Registrar;
address wipro-msdn;
address raisoni;
address trendav;
address office-aicte-desk;
address ITESERVER;
address ITECLIENT;
address eclient;
address eserver;
address blade5;
address blade1;
address blade2;
address blade3;
address blade4;
address server-2;
address principal;
address ID;
address Kavi_Rajput;
}
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
ge-0/0/15.0 {
host-inbound-traffic {
system-services {
https;
}
}
}
ge-0/0/10.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
pp0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
}
}
}
}
access {
profile jweb-pp0 {
client "pr2572262741_vpn@nme.in" chap-secret "$9$9iktC0IhSeMLxyraZDjq.0B1ElKWLxsgo7NjHmT6/M8XxVYq.5TQ3ZUz69A1ILx7-b2.mT";
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}

Hi,

Usually I am using PAP and never tried Chap before. Here is some hints might help you

1- configure access profile

http://www.juniper.net/techpubs/en_US/junos11.1/topics/example/pppoe-security-chap-authentication-on-interface-configuring.html

2- set the service all under the interfaces pp0 and ge-0/0/10 as the following example although it is using pap but still pppoe example

http://kb.juniper.net/InfoCenter/index?page=content&id=KB15736

Mohamed Elhariry

JNCIE-M/T # 1059, CCNP & CCIP

----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

tried using above examples also please review above given config once, and suggest what i am doing wrong ?

i have not added 

route 0.0.0.0/0 next-hop pp0.0;

is it creating any issue, as i don't want to add route unitil i get successful conection, because there is another WAN link with static ip is service internet to campus,

plz suggest, how can i get rid of this issue for reference i am herewith enclosing my latest CLI config.

Attachment(s)

CLI-Config.txt   17 KB 1 version

I seem to remember that the SRX has an issue with one of the  screen IDS settings causing issues with DHCP/PPPoE

screen {
        ids-option untrust-screen {
            icmp {
                large;
                ping-death;
            }
            ip {
                bad-option;
                security-option;
                inactive: spoofing;
                source-route-option;
                strict-source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 10;
                }
                land;
                winnuke;
            }
        }
    }

Done screen IDS settings as per shown, still not able to connect PPPOE,

Note: I have enabled traceoption on PPPOE enclosed log file of the have a look at it 

Attachment(s)

PPPOE.rtf   74 KB 1 version

Hi

I have attached a working PPPoE config from one of my remote SRX units connected via a ADSL PPPoE Modem.

I have removed the passwords and IP addresses.

I looked at your logs, and it appeared that GE-0/0/0 was showing up.  I thought that GE-0/10/0 was your PPPoE interface.

Attachment(s)

PPPoE working config - cleaned.txt   23 KB 1 version

Thank to all issue has been solved.