SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Need help with setting up SRX1400 please

    Posted 01-09-2015 19:11

    Hi,

     

    I'm completely new to Juniper and this is my first time setting up a Juniper device. I recently acquired a SRX1400 and I need help setting it up for use. I need to setup a vpn connection so I can log into it remotely through the cli and Jweb. I was only able to gain access Jweb locally through the ge-0/0/0 though I'm having a hard time configuring the SRX to allow me to access the internet from it.

    So far I have configured the ge-0/0/1 with the ip supplied by my ISP 74.XXX.XXX.34/30 and I set the default gateway 74.XXX.XXX.33 as my static default route. I set the host-name to use Google's DNS 8.8.8.8.

    I would greatly appreciate it if anyone can guide me through a step by step process to configuring internet acccess and vpn access for my SRX1400

     

    Thanks!



  • 2.  RE: Need help with setting up SRX1400 please

    Posted 01-10-2015 04:53

    hi gourami,

       

        for the internet connectivity, you can utilize the ge-0/0/0 (default zone is untrust). via webui you can navigate to security nat for the outbound translation. 

     

        junos has a feature called rule set, you can check it out from the webui

     

     

     for the vpn,

       you can check this link.... http://kb.juniper.net/InfoCenter/index?page=content&id=KB15745&smlogin=true

     

       hope this helps.

     

    dwayne



  • 3.  RE: Need help with setting up SRX1400 please

    Posted 01-11-2015 13:05

    Can you give me step by step process to configure the nat? I'm at the security section and I'm not sure what to do.



  • 4.  RE: Need help with setting up SRX1400 please

    Posted 01-11-2015 19:54

    for example, 

     

    untrust - ge-0/0/0.0

     

    trust - ge-0/0/5.0

     

    if the interface is in ethernet switching family, you need to delete it.

     

    srx#delete interface ge-0/0/5.0 family ethernet-switching

     

    paste below commands to your cli then check it on your webui.

     

    set security nat source rule-set trust-to-untrust from zone trust
    set security nat source rule-set trust-to-untrust to zone untrust
    set security nat source rule-set trust-to-untrust rule to-internet description "towards your internet isp connection"
    set security nat source rule-set trust-to-untrust rule to-internet match source-address 0.0.0.0/0
    set security nat source rule-set trust-to-untrust rule to-internet match destination-address 0.0.0.0/0
    set security nat source rule-set trust-to-untrust rule to-internet then source-nat interface

     

     



  • 5.  RE: Need help with setting up SRX1400 please

    Posted 01-12-2015 04:06

    Welcome to Junos on the SRX.  Your best friend is this getting started page in the technical support area.  This provides an organized topic by topic links to specific configuration options.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

     



  • 6.  RE: Need help with setting up SRX1400 please
    Best Answer

    Posted 01-14-2015 11:03

    Hi Gourami,

     

    For accessing internet , you need these basic configuration;

     

    1. Interfaces for Untrust and Trust:

    set interfaces ge-0/0/2 unit 0 family inet address 192.168.100.1/24
    set interfaces ge-0/0/1 unit 0 family inet address 74.XXX.XXX.34/30

     

    2. security Zones

    set security zones security-zone Trust interfaces ge-0/0/2.0 host-inbound-traffic system-services all
    set security zones security-zone Trust interfaces ge-0/0/2.0 host-inbound-traffic protocols all

     

    set security zones security-zone Untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
    set security zones security-zone Untrust interfaces ge-0/0/1.0 host-inbound-traffic protocols all


    3. Routing:

    set routing-options static route 0/0 next-hop 74.XXX.XXX.33

     

    4. Source NAT for Allowing Internet access to Trust subnet:

     

    set security nat source rule-set rs1 from zone Trust
    set security nat source rule-set rs1 to zone Untrust
    set security nat source rule-set rs1 rule Internet-Trust match destination-address 0.0.0.0/0
    set security nat source rule-set rs1 rule Internet-Trust then source-nat interface

     

    5. security policy:


    set security policies from-zone Trust to-zone Untrust policy test-policy match source-address any
    set security policies from-zone Trust to-zone Untrust policy test-policy match destination-address any
    set security policies from-zone Trust to-zone Untrust policy test-policy match application any
    set security policies from-zone Trust to-zone Untrust policy test-policy then permit


    Regards,

    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 7.  RE: Need help with setting up SRX1400 please

    Posted 01-14-2015 11:06

    Hi Gourami,

     

    After you are able to access internet as per my suggestion , then you can use following KB article to configure VPN.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=TN108
    http://kb.juniper.net/InfoCenter/index?page=content&id=TN107


    Regards,

    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 8.  RE: Need help with setting up SRX1400 please

    Posted 01-18-2015 05:18

    Hi Gourami,


    Did my sample config helped you in resolving internet issue?


    Kindly update

     

    Regards,

    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too