SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Route / firewall question

  • 1.  Route / firewall question

    Posted 08-14-2012 06:05

    Hello,

    I am new to Juniper and I have been looking for a solution to my problem for 6 days now, so here is the question,
    please help.. :O)

    I have 4 ports (ge-0/0/4-7) which are in VLAN 33 with IP 10.3.1.1/24.
    I have 1 port (ge-0/0/15) configured with IP 1.1.1.1 (public IP / Internet connection).

    How do I route all traffic from VLAN 33 to ge-0/0/15 and through to the Internet?

    For clarification:
    all traffic to 0.0.0.0/0 on VLAN 33 -> ge-0/0/15 -> Internet,
    without setting a global default route to the Internet.

    Is it possible?

    I have booked training, bought books etc., but now I just want it solved.
    I have configured the problem above with NAT.

    Kind regards
    Gert



  • 2.  RE: Route / firewall question

    Posted 08-14-2012 06:29

    You could use filter-based forwarding if you do not want to use a default route (which is of course the easiest method in your case).

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB23300

    http://www.juniper.net/techpubs/en_US/junos11.1/topics/example/firewall-filter-option-filter-based-forwarding-example.html



  • 3.  RE: Route / firewall question

    Posted 08-14-2012 07:54

    Nope,

    I just can not get it to work.
    I have been looking at:
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB23300

    but as I am new, I can not filter out/change what needs to be changed in the example to make it work.
    Below is my entire setup; can anyone show me exactly how I should do this, please..
    I know there is a new firmware, but the GUI is so buggy I had to downgrade,
    and now I am using the command line, so great.. :O)

    ------------------------------------------------------------------------------------
    ## Last changed: 2012-08-14 16:44:12 CEST
    version 11.2R4.3;

    interfaces {
        ge-0/0/0 {
            unit 0;
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/3 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/5 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/6 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/7 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-0/0/8 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/9 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/10 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/11 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/12 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/13 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/14 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan-trust;
                    }
                }
            }
        }
        ge-0/0/15 {
            unit 0 {
                family inet {
                    address 1.1.1.145/24;
                }
            }
        }
        vlan {
            unit 0 {
                family inet {
                    address 172.19.0.4/16;
                }
            }
            unit 1 {
                family inet {
                    filter {
                        input classify-vlans;
                    }
                    address 10.3.1.1/24;
                }
            }
        }
    }
    routing-options {
        interface-routes {
            rib-group inet v-router;
        }
        rib-groups {
            v-router {
                import-rib [ v-router.inet.0 inet.0 ];
            }
        }
    }
    protocols {
        stp;
    }
    security {
        screen {
            ids-option untrust-screen {
                icmp {
                    ping-death;
                }
                ip {
                    source-route-option;
                    tear-drop;
                }
                tcp {
                    syn-flood {
                        alarm-threshold 1024;
                        attack-threshold 200;
                        source-threshold 1024;
                        destination-threshold 2048;
                        timeout 20;
                    }
                    land;
                }
            }
        }
        nat {
            source {
                rule-set trust-to-untrust {
                    from zone trust;
                    to zone untrust;
                    rule source-nat-rule {
                        match {
                            source-address 0.0.0.0/0;
                        }
                        then {
                            source-nat {
                                interface;
                            }
                        }
                    }
                }
            }
        }
        policies {
            from-zone trust to-zone untrust {
                policy trust-to-untrust {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone trust-cust1 to-zone untrust-cust1 {
                policy trust-untrust-cust1 {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                        log {
                            session-init;
                            session-close;
                        }
                    }
                }
            }
        }
        zones {
            security-zone trust {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    vlan.0;
                }
            }
            security-zone untrust {
                screen untrust-screen;
                interfaces {
                    ge-0/0/0.0 {
                        host-inbound-traffic {
                            system-services {
                                tftp;
                                dhcp;
                            }
                        }
                    }
                }
            }
            security-zone trust-cust1 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    vlan.1 {
                        host-inbound-traffic {
                            system-services {
                                all;
                            }
                        }
                    }
                }
            }
            security-zone untrust-cust1 {
                interfaces {
                    ge-0/0/15.0;
                }
            }
        }
    }
    firewall {
        family inet {
            filter classify-vlans {
                term cust1-route {
                    from {
                        source-address {
                            10.3.1.0/24;
                        }
                    }
                    then {
                        routing-instance v-router;
                    }
                }
                term default {
                    then accept;
                }
            }
        }
    }
    routing-instances {
        vitoria-router {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 1.1.1.1;
                }
            }
        }
    }
    vlans {
        vlan-trust {
            vlan-id 3;
            l3-interface vlan.0;
        }
        vlan-victoria {
            vlan-id 33;
            interface {
                ge-0/0/4.0;
                ge-0/0/5.0;
                ge-0/0/6.0;
                ge-0/0/7.0;
            }
            l3-interface vlan.1;
        }
    }

    ------------------------------------------------------------------------------------

     

     

    Kind regards

    Gert



  • 4.  RE: Route / firewall question

    Posted 08-14-2012 08:27

    For a forwarding instance, all interfaces belong to the default instance, inet.0.
    Have a read here on routing instance types:
    http://www.juniper.net/techpubs/en_US/junos11.1/topics/concept/routing-instance-security-type-understanding.html

    You should just need to add the following to your original configuration.

    Have a read at the bottom of this document for verifying once you are set up:
    http://www.juniper.net/techpubs/en_US/junos11.1/topics/example/firewall-filter-option-filter-based-forwarding-example.html

     

    routing-instances {
        vitoria-router {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 1.1.1.1;
                }
            }
        }
    }
    
    
    firewall {
        family inet {
            filter classify-vlans {
                term cust1-route {
                    from {
                        source-address {
                            10.3.1.0/24;
                        }
                    }
                    then {
                        routing-instance vitoria-router;
                    }
                }
            }
        }
    }
    
    interfaces {
        vlan {
            unit 0 {
                family inet {
                    address 172.19.0.4/16;
                }
            }
            unit 1 {
                family inet {
                    filter {
                        input classify-vlans;
                    }
                    address 10.3.1.1/24;
                }
            }
        }
    }
    
    

     



  • 5.  RE: Route / firewall question

    Posted 08-14-2012 08:42

    Hello,

    First of all, thanks for taking the time; I know that two weeks from now I will be surprised
    that I could ask the question, but how is the snippet you just pasted different from what I
    have already written?

    Kind regards
    Gert

     

     



  • 6.  RE: Route / firewall question

    Posted 08-14-2012 08:47

    Hi,

    What is the output of:  user@srx> show route forwarding-table

     

     

     

     



  • 7.  RE: Route / firewall question

    Posted 08-14-2012 08:51

    Routing table: default.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct    36     1
    0.0.0.0/32         perm     0                    dscd    34     1
    10.3.1.0/24        intf     0                    rslv   585     1 vlan.1
    10.3.1.0/32        dest     0 10.3.1.0           recv   583     1 vlan.1
    10.3.1.1/32        intf     0 10.3.1.1           locl   584     2
    10.3.1.1/32        dest     0 10.3.1.1           locl   584     2
    10.3.1.112/32      dest     0 76:d2:19:ef:11:76  ucst   586     1 vlan.1
    10.3.1.255/32      dest     0 10.3.1.255         bcst   582     1 vlan.1
    1.1.1.0/24   intf     0                    rslv   588     1 ge-0/0/15.0
    1.1.1.0/32   dest     0 1.1.1.0      recv   579     1 ge-0/0/15.0
    1.1.1.1/32   dest     0 0:0:c:7:ac:0       ucst   590     1 ge-0/0/15.0
    1.1.1.145/32 intf     0 1.1.1.145    locl   587     2
    1.1.1.145/32 dest     0 1.1.1.145    locl   587     2
    1.1.1.255/32 dest     0 1.1.1.255    bcst   555     1 ge-0/0/15.0
    172.19.0.0/16      intf     0                    rslv   543     1 vlan.0
    172.19.0.0/32      dest     0 172.19.0.0         recv   541     1 vlan.0
    172.19.0.4/32      intf     0 172.19.0.4         locl   542     2
    172.19.0.4/32      dest     0 172.19.0.4         locl   542     2
    172.19.0.100/32    dest     1 96:2b:33:b6:95:58  ucst   551     2 vlan.0
    172.19.5.9/32      dest     0 36:13:a3:29:19:d8  ucst   592     1 vlan.0
    172.19.11.112/32   dest     0 f2:ce:79:6:2b:ca   ucst   557     1 vlan.0
    172.19.255.255/32  dest     0 172.19.255.255     bcst   540     1 vlan.0
    224.0.0.0/4        perm     0                    mdsc    35     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst    31     1
    255.255.255.255/32 perm     0                    bcst    32     1

    Routing table: __master.anon__.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   517     1
    0.0.0.0/32         perm     0                    dscd   515     1
    224.0.0.0/4        perm     0                    mdsc   516     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst   512     1
    255.255.255.255/32 perm     0                    bcst   513     1

    Routing table: vitoria-router.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   563     1
    0.0.0.0/32         perm     0                    dscd   561     1
    224.0.0.0/4        perm     0                    mdsc   562     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst   558     1
    255.255.255.255/32 perm     0                    bcst   559     1

    Routing table: default.iso
    ISO:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct    60     1

    Routing table: __master.anon__.iso
    ISO:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   523     1

    Routing table: vitoria-router.iso
    ISO:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   569     1

    Routing table: default.inet6
    Internet6:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct    44     1
    ::/128             perm     0                    dscd    42     1
    ff00::/8           perm     0                    mdsc    43     1
    ff02::1/128        perm     0 ff02::1            mcst    39     1

    Routing table: __master.anon__.inet6
    Internet6:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   529     1
    ::/128             perm     0                    dscd   527     1
    ff00::/8           perm     0                    mdsc   528     1
    ff02::1/128        perm     0 ff02::1            mcst   525     1

    Routing table: vitoria-router.inet6
    Internet6:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   575     1
    ::/128             perm     0                    dscd   573     1
    ff00::/8           perm     0                    mdsc   574     1
    ff02::1/128        perm     0 ff02::1            mcst   571     1

    Routing table: default.mpls
    MPLS:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    50     1

    Routing table: default.ethernet-switching
    ETHERNET-SWITCHING:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    66     1
    2, *               intf     0                    rslv   538     1
    3, *               user     0                    comp   580     2
    3, *               intf     0                    rslv   539     1
    3, 00:08:9b:c4:ff:3c user     0                  ucst   550    56 ge-0/0/1.0
    3, 00:08:9b:c4:ff:3d user     0                  ucst   550    56 ge-0/0/1.0
    3, 00:19:bb:d0:7b:3e user     0                  ucst   550    56 ge-0/0/1.0
    3, 00:1a:64:c3:19:e4 user     0                  ucst   550    56 ge-0/0/1.0
    3, 00:22:b0:bd:41:c5 user     0                  ucst   550    56 ge-0/0/1.0
    3, 00:c0:b7:d7:7a:4a user     0                  ucst   550    56 ge-0/0/1.0
    3, 0e:73:b1:37:4b:2a user     0                  ucst   550    56 ge-0/0/1.0
    3, 0e:75:3a:6e:f3:09 user     0                  ucst   550    56 ge-0/0/1.0
    3, 1e:1a:90:b0:48:4b user     0                  ucst   550    56 ge-0/0/1.0
    3, 1e:ea:fd:66:8c:a8 user     0                  ucst   550    56 ge-0/0/1.0
    3, 22:90:29:61:82:69 user     0                  ucst   550    56 ge-0/0/1.0
    3, 2a:5c:5d:6b:f6:06 user     0                  ucst   550    56 ge-0/0/1.0
    3, 36:10:37:16:bf:0a user     0                  ucst   550    56 ge-0/0/1.0
    3, 36:13:a3:29:19:d8 user     0                  ucst   550    56 ge-0/0/1.0
    3, 36:df:16:79:9b:15 user     0                  ucst   550    56 ge-0/0/1.0
    3, 3a:27:15:e6:5a:b3 user     0                  ucst   550    56 ge-0/0/1.0
    3, 3e:14:dd:14:e3:5b user     0                  ucst   550    56 ge-0/0/1.0
    3, 42:48:a6:7a:1c:d4 user     0                  ucst   550    56 ge-0/0/1.0
    3, 46:b9:b6:f8:74:e8 user     0                  ucst   550    56 ge-0/0/1.0
    3, 4e:6a:08:6e:69:10 user     0                  ucst   550    56 ge-0/0/1.0
    3, 56:17:e7:75:39:c9 user     0                  ucst   550    56 ge-0/0/1.0
    3, 56:34:4e:2d:87:d2 user     0                  ucst   550    56 ge-0/0/1.0
    3, 5e:22:32:f4:42:ad user     0                  ucst   550    56 ge-0/0/1.0
    3, 64:87:88:4c:29:10 user     0                  recv    65     2
    3, 66:77:42:80:75:ac user     0                  ucst   550    56 ge-0/0/1.0
    3, 6e:51:d6:a0:cd:55 user     0                  ucst   550    56 ge-0/0/1.0
    3, 76:27:c2:7e:73:cf user     0                  ucst   550    56 ge-0/0/1.0
    3, 7e:6a:9d:01:52:4f user     0                  ucst   550    56 ge-0/0/1.0
    3, 82:34:5e:58:63:e7 user     0                  ucst   550    56 ge-0/0/1.0
    3, 82:8b:ea:a2:9c:3b user     0                  ucst   550    56 ge-0/0/1.0
    3, 86:0b:7b:94:98:f8 user     0                  ucst   550    56 ge-0/0/1.0
    3, 86:5f:ef:f6:0c:27 user     0                  ucst   550    56 ge-0/0/1.0
    3, 92:f4:a1:ef:ed:48 user     0                  ucst   550    56 ge-0/0/1.0
    3, 96:06:fc:e5:33:cb user     0                  ucst   550    56 ge-0/0/1.0
    3, 96:2b:33:b6:95:58 user     0                  ucst   550    56 ge-0/0/1.0
    3, a2:11:ec:08:3a:9b user     0                  ucst   550    56 ge-0/0/1.0
    3, ba:50:87:c0:ad:fe user     0                  ucst   550    56 ge-0/0/1.0
    3, ba:d5:77:fc:ea:fe user     0                  ucst   550    56 ge-0/0/1.0
    3, be:7b:09:15:eb:78 user     0                  ucst   550    56 ge-0/0/1.0
    3, c6:28:0d:9e:90:56 user     0                  ucst   550    56 ge-0/0/1.0
    3, c6:c7:41:98:b0:f8 user     0                  ucst   550    56 ge-0/0/1.0
    3, d2:d5:7f:12:82:82 user     0                  ucst   550    56 ge-0/0/1.0
    3, da:84:e7:3d:5b:57 user     0                  ucst   550    56 ge-0/0/1.0
    3, da:e2:ff:7d:a2:7e user     0                  ucst   550    56 ge-0/0/1.0
    3, de:de:b0:30:5a:34 user     0                  ucst   550    56 ge-0/0/1.0
    3, e2:a2:f9:2b:7c:a3 user     0                  ucst   550    56 ge-0/0/1.0
    3, e4:1f:13:75:33:08 user     0                  ucst   550    56 ge-0/0/1.0
    3, e4:1f:13:80:7b:31 user     0                  ucst   550    56 ge-0/0/1.0
    3, e6:11:2d:d9:95:1c user     0                  ucst   550    56 ge-0/0/1.0
    3, e6:63:b4:dc:bb:c6 user     0                  ucst   550    56 ge-0/0/1.0
    3, ea:45:d4:f2:c3:f4 user     0                  ucst   550    56 ge-0/0/1.0
    3, ea:51:1c:51:6d:91 user     0                  ucst   550    56 ge-0/0/1.0
    3, ee:d0:20:bf:2e:c3 user     0                  ucst   550    56 ge-0/0/1.0
    3, f2:ce:79:06:2b:ca user     0                  ucst   550    56 ge-0/0/1.0
    3, fe:d2:9c:44:69:d9 user     0                  ucst   550    56 ge-0/0/1.0
    4, *               user     0                    comp   581     2
    4, *               intf     0                    rslv   556     1
    4, 00:00:0c:07:ac:00 user     0                  ucst   554     5 ge-0/0/6.0
    4, 00:11:93:24:5e:c0 user     0                  ucst   554     5 ge-0/0/6.0
    4, 00:11:93:36:48:00 user     0                  ucst   554     5 ge-0/0/6.0
    4, 64:87:88:4c:29:10 user     0                  recv    65     2
    4, 76:d2:19:ef:11:76 user     0                  ucst   553     3 ge-0/0/5.0

    Routing table: default.vmembers
    VMEMBERS:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    74    15
    70 65535           user     0                    dscd    74    15
    71 65535           user     0                    dscd    74    15
    72 65535           user     0                    dscd    74    15
    73 65535           user     0                    dscd    74    15
    74 65535           user     0                    dscd    74    15
    75 65535           user     0                    dscd    74    15
    76 65535           user     0                    dscd    74    15
    77 65535           user     0                    dscd    74    15
    78 65535           user     0                    dscd    74    15
    79 65535           user     0                    dscd    74    15
    80 65535           user     0                    dscd    74    15
    81 65535           user     0                    dscd    74    15
    82 65535           user     0                    dscd    74    15
    83 65535           user     0                    dscd    74    15

    Routing table: default.MSTI
    MSTI:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    82    29
    70, 0              user     0                    dscd    82    29
    70, 254            user     0                    dscd    82    29
    71, 0              user     0                    dscd    82    29
    71, 254            user     0                    dscd    82    29
    72, 0              user     0                    dscd    82    29
    72, 254            user     0                    dscd    82    29
    73, 0              user     0                    dscd    82    29
    73, 254            user     0                    dscd    82    29
    74, 0              user     0                    dscd    82    29
    74, 254            user     0                    dscd    82    29
    75, 0              user     0                    dscd    82    29
    75, 254            user     0                    dscd    82    29
    76, 0              user     0                    dscd    82    29
    76, 254            user     0                    dscd    82    29
    77, 0              user     0                    dscd    82    29
    77, 254            user     0                    dscd    82    29
    78, 0              user     0                    dscd    82    29
    78, 254            user     0                    dscd    82    29
    79, 0              user     0                    dscd    82    29
    79, 254            user     0                    dscd    82    29
    80, 0              user     0                    dscd    82    29
    80, 254            user     0                    dscd    82    29
    81, 0              user     0                    dscd    82    29
    81, 254            user     0                    dscd    82    29
    82, 0              user     0                    dscd    82    29
    82, 254            user     0                    dscd    82    29
    83, 0              user     0                    dscd    82    29
    83, 254            user     0                    dscd    82    29

    Routing table: default.dhcp-snooping
    DHCP Snooping:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    98     1
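
The forwarding-table dump above is being read for one thing: whether the FBF instance's table (vitoria-router.inet here) holds a default entry the PFE can forward on, or only the permanent rjct/dscd entries. The following is an added example, not output or code from this thread or from Juniper: a small parser for `show route forwarding-table` text and a status function that distinguishes the three states a practitioner checks for. The two sample outputs are condensed from the dumps posted in this thread (the broken one above, and the working one from the later reply); the function names are my own.

```python
import re

# Added example, not code from the thread.  Parses "show route forwarding-table"
# text and reports whether a filter-based-forwarding instance has a default route
# the PFE can actually use.

# One row of an inet table: Destination Type RtRef [Next hop] Type Index NhRef [Netif]
ROW = re.compile(r'^(\S+)\s+(\S+)\s+(\d+)\s+(?:(\S+)\s+)?([a-z]{4})\s+(\d+)\s+(\d+)(?:\s+(\S+))?$')
FORWARDING_NH = {'ucst', 'indr'}   # next-hop types that really forward a packet


def parse_forwarding_table(output):
    """Map each 'Routing table: NAME' section to its parsed rows (rows that do not fit the inet layout are skipped)."""
    tables, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith('Routing table:'):
            current = line.split(':', 1)[1].strip()
            tables[current] = []
            continue
        m = ROW.match(line)
        if current is not None and m:
            dest, rtype, _rtref, nexthop, nhtype, _index, _nhref, netif = m.groups()
            tables[current].append({'dest': dest, 'type': rtype, 'nexthop': nexthop,
                                    'nhtype': nhtype, 'netif': netif})
    return tables


def fbf_status(output, instance):
    """Return (status, detail) for the default route of <instance>.inet."""
    rows = parse_forwarding_table(output).get(f'{instance}.inet')
    if rows is None:
        return 'no-table', f'no forwarding table named {instance}.inet'
    usable = [r for r in rows if r['dest'] == 'default' and r['nhtype'] in FORWARDING_NH]
    if usable:
        return 'ok', f"default via {usable[0]['nexthop']} on {usable[0]['netif']}"
    # Connected prefixes show up as 'rtbl' entries once a rib-group imports them.
    connected = [r['dest'] for r in rows if r['nhtype'] == 'rtbl']
    if not connected:
        return 'no-interface-routes', ('only rjct/dscd entries: no interface routes were imported '
                                       'by a rib-group, so a static next-hop cannot resolve')
    return 'no-default', f"interface routes present ({', '.join(connected)}) but no usable default"


# Constructed samples, condensed from the two dumps posted in the thread.
BROKEN_OUT = """\
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct    36     1
10.3.1.0/24        intf     0                    rslv   585     1 vlan.1
1.1.1.1/32         dest     0 0:0:c:7:ac:0       ucst   590     1 ge-0/0/15.0

Routing table: vitoria-router.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   563     1
0.0.0.0/32         perm     0                    dscd   561     1
224.0.0.0/4        perm     0                    mdsc   562     1
"""

WORKING_OUT = """\
Routing table: victoria-router.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            user     0 0:0:c:7:ac:0       ucst   590     3 ge-0/0/15.0
default            perm     0                    rjct   596     1
0.0.0.0/32         perm     0                    dscd   594     1
10.3.1.0/24        user     0                    rtbl     1     4
130.185.128.0/24   user     0                    rtbl     1     4
224.0.0.0/4        perm     0                    mdsc   595     1
"""

if __name__ == '__main__':
    print('as posted :', fbf_status(BROKEN_OUT, 'vitoria-router'))
    print('after fix :', fbf_status(WORKING_OUT, 'victoria-router'))
```

Run it against a saved `show route forwarding-table | no-more` capture; a 'no-interface-routes' result points at the rib-group (the instance never received the connected route that its static next-hop needs), while 'no-default' points at the static route itself.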



  • 8.  RE: Route / firewall question

    Posted 08-14-2012 09:12

    In your imported routes above you have called the routing instance v-router and not vitoria-router, which is the instance name:

        rib-groups {
            v-router {
                import-rib [ v-router.inet.0 inet.0 ];
            }
        }

    Try the following and then show the forwarding table again:

     

    user@srx# delete routing-options
    user@srx# set routing-options interface-routes rib-group inet v-router
    user@srx# set routing-options rib-groups v-router import-rib [ inet.0 vitoria-router.inet.0 ]
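
The mistake this reply identifies, a filter and a rib-group that both name a routing instance that does not exist, commits cleanly and only shows up as an empty forwarding table. As an added example (Python, not code from the thread or from Juniper), here is a checker that parses a Junos configuration into its hierarchy and verifies that every filter-based-forwarding reference resolves: the instance named in the filter term, the instance prefixes in `import-rib`, the rib-group named under `interface-routes`, and the filter applied to the interface. The sample config is condensed from the one posted above, with the names exactly as posted; the second sample applies this reply's rename. `parse_junos` and `check_fbf` are my own names, and the parser handles the brace syntax of `show configuration`, not `set` syntax.

```python
import re

# Added example, not code from the thread.  Static consistency check for the
# filter-based-forwarding stanzas of a Junos configuration: flags dangling
# references such as a filter pointing at an instance that is not defined.

TOKEN = re.compile(r'([^{};]+?)\s*\{|(\})|([^{};]+?)\s*;')
RIB = re.compile(r'^(?:(?P<inst>[\w-]+)\.)?(?:inet6?|iso|mpls)\.\d+$')


def parse_junos(text):
    """Flatten curly-brace config into the set of block paths and (path, statement) leaves."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # strip annotations
    text = re.sub(r'##[^\n]*', '', text)                 # strip "## ..." display comments
    blocks, leaves, stack = set(), [], []
    for m in TOKEN.finditer(text):
        head, close, stmt = m.groups()
        if head is not None:
            stack.append(head.strip())
            blocks.add(tuple(stack))
        elif close:
            stack.pop()
        else:
            leaves.append((tuple(stack), stmt.strip()))
    if stack:
        raise ValueError('unbalanced braces in config')
    return blocks, leaves


def check_fbf(text):
    """Return a list of problems; an empty list means every FBF reference resolves."""
    blocks, leaves = parse_junos(text)
    instances = {p[1] for p in blocks if len(p) == 2 and p[0] == 'routing-instances'}
    rib_groups = {p[2] for p in blocks if len(p) == 3 and p[:2] == ('routing-options', 'rib-groups')}
    filters = {p[2].split()[1] for p in blocks
               if len(p) == 3 and p[:2] == ('firewall', 'family inet') and p[2].startswith('filter ')}
    defaults = {p[1] for p, s in leaves if len(p) == 4 and p[0] == 'routing-instances'
                and p[2:] == ('routing-options', 'static') and s.startswith('route 0.0.0.0/0 ')}
    used, imported, problems = set(), set(), []

    for path, stmt in leaves:
        words = stmt.split()
        # filter term "then routing-instance X": X must be a defined instance
        if path[:1] == ('firewall',) and words[0] == 'routing-instance':
            used.add(words[1])
            if words[1] not in instances:
                problems.append(f'filter term {path[-2].split()[-1]!r} sends traffic to unknown instance {words[1]!r}')
        # rib-group "import-rib [ a.inet.0 inet.0 ]": a prefixed table must name a real instance
        elif path[:2] == ('routing-options', 'rib-groups') and words[0] == 'import-rib':
            for table in re.findall(r'[\w.-]+', stmt[len('import-rib'):]):
                m = RIB.match(table)
                if m is None:
                    problems.append(f'rib-group {path[2]!r}: malformed table name {table!r}')
                elif m.group('inst') and m.group('inst') not in instances:
                    problems.append(f'rib-group {path[2]!r} imports into unknown instance {m.group("inst")!r}')
                elif m.group('inst'):
                    imported.add(m.group('inst'))
        # "interface-routes { rib-group inet X; }": X must be a defined rib-group
        elif path == ('routing-options', 'interface-routes') and words[:2] == ['rib-group', 'inet']:
            if words[2] not in rib_groups:
                problems.append(f'interface-routes references undefined rib-group {words[2]!r}')
        # interface "filter { input X; }": X must be a defined family inet filter
        elif path[:1] == ('interfaces',) and path[-1] == 'filter' and words[0] == 'input':
            if words[1] not in filters:
                problems.append(f'{path[1]} {path[2]} applies undefined filter {words[1]!r}')

    # A forwarding instance only learns connected routes through a rib-group, so an
    # instance that a filter points at must be imported into and carry a default route.
    for inst in sorted(used & instances):
        if inst not in imported:
            problems.append(f'no rib-group imports interface routes into {inst!r}; its static next-hop cannot resolve')
        if inst not in defaults:
            problems.append(f'instance {inst!r} has no static default route')
    return problems


# Constructed sample: the relevant stanzas of the config posted in this thread, names as posted.
BROKEN_CFG = """
interfaces { vlan { unit 1 { family inet {
    filter { input classify-vlans; } address 10.3.1.1/24; } } } }
routing-options {
    interface-routes { rib-group inet v-router; }
    rib-groups { v-router { import-rib [ v-router.inet.0 inet.0 ]; } }
}
firewall { family inet { filter classify-vlans {
    term cust1-route { from { source-address { 10.3.1.0/24; } }
                       then { routing-instance v-router; } }
    term default { then accept; }
} } }
routing-instances { vitoria-router { instance-type forwarding;
    routing-options { static { route 0.0.0.0/0 next-hop 1.1.1.1; } } } }
"""
# The same config after this reply's fix: both references point at vitoria-router.
FIXED_CFG = (BROKEN_CFG.replace('v-router.inet.0', 'vitoria-router.inet.0')
                       .replace('routing-instance v-router', 'routing-instance vitoria-router'))

if __name__ == '__main__':
    for label, cfg in (('as posted', BROKEN_CFG), ('after fix', FIXED_CFG)):
        print(label, check_fbf(cfg) or 'OK')
```

Feed it the output of `show configuration | no-more` from the candidate configuration before `commit`; it reports two problems for the posted config (the filter term and the rib-group both name the undefined `v-router`) and none after the rename.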
    

     



  • 9.  RE: Route / firewall question

    Posted 08-14-2012 09:47

    OK, the config is now as follows.

    I had search-and-replaced some things, but I can see this will just blur it too much,
    and I just want to say that this is a new SRX; I can do whatever I want with it, there is nothing I have to save or
    think about.

    So if you have an example config I can try to put it in, if that is easier or faster.. :O)

    And again, thanks for taking the time on this...
    -------------------------------------------------------------------------------------------

     

    interfaces {
        ge-0/0/15 {
            unit 0 {
                family inet {
                    address 130.185.128.145/24;
                }
            }
        }
        vlan {
            unit 0 {
                family inet {
                    address 172.19.0.4/16;
                }
            }
            unit 1 {
                family inet {
                    address 10.3.1.1/24;
                }
            }
        }
    }

     

     

    routing-options {
        interface-routes {
            rib-group inet victoria-router-rib;
        }
        rib-groups {
            victoria-router-rib {
                import-rib [ inet.0 victoria-router.inet.0 ];
            }
        }
    }

     

    firewall {
        family inet {
            filter classify-vlans {
                term victoriaproperties-route {
                    from {
                        source-address {
                            10.3.1.0/24;
                        }
                    }
                    then {
                        routing-instance victoria-router;
                    }
                }
                term default {
                    then accept;
                }
            }
        }
    }

     

    routing-instances {
        victoria-router {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 130.185.128.1;
                }
            }
        }
    }

     

    ------------------------------------------------------------------------------------------------------------------------------------

     

    Routing table: default.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct    36     1
    0.0.0.0/32         perm     0                    dscd    34     1
    10.3.1.0/24        intf     0                    rslv   585     1 vlan.1
    10.3.1.0/32        dest     0 10.3.1.0           recv   583     1 vlan.1
    10.3.1.1/32        intf     0 10.3.1.1           locl   584     3
    10.3.1.1/32        dest     0 10.3.1.1           locl   584     3
    10.3.1.112/32      dest     0 76:d2:19:ef:11:76  ucst   586     1 vlan.1
    10.3.1.255/32      dest     0 10.3.1.255         bcst   582     1 vlan.1
    130.185.128.0/24   intf     0                    rslv   588     1 ge-0/0/15.0
    130.185.128.0/32   dest     0 130.185.128.0      recv   579     1 ge-0/0/15.0
    130.185.128.1/32   dest     0 0:0:c:7:ac:0       ucst   590     3 ge-0/0/15.0
    130.185.128.145/32 intf     0 130.185.128.145    locl   587     3
    130.185.128.145/32 dest     0 130.185.128.145    locl   587     3
    130.185.128.255/32 dest     0 130.185.128.255    bcst   555     1 ge-0/0/15.0
    172.19.0.0/16      intf     0                    rslv   543     1 vlan.0
    172.19.0.0/32      dest     0 172.19.0.0         recv   541     1 vlan.0
    172.19.0.4/32      intf     0 172.19.0.4         locl   542     3
    172.19.0.4/32      dest     0 172.19.0.4         locl   542     3
    172.19.0.100/32    dest     1 96:2b:33:b6:95:58  ucst   551     2 vlan.0
    172.19.5.9/32      dest     0 36:13:a3:29:19:d8  ucst   592     1 vlan.0
    172.19.11.112/32   dest     0 f2:ce:79:6:2b:ca   ucst   557     1 vlan.0
    172.19.255.255/32  dest     0 172.19.255.255     bcst   540     1 vlan.0
    224.0.0.0/4        perm     0                    mdsc    35     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst    31     1
    255.255.255.255/32 perm     0                    bcst    32     1

    Routing table: __master.anon__.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   517     1
    0.0.0.0/32         perm     0                    dscd   515     1
    224.0.0.0/4        perm     0                    mdsc   516     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst   512     1
    255.255.255.255/32 perm     0                    bcst   513     1

    Routing table: victoria-router.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            user     0 0:0:c:7:ac:0       ucst   590     3 ge-0/0/15.0
    default            perm     0                    rjct   596     1
    0.0.0.0/32         perm     0                    dscd   594     1
    10.3.1.0/24        user     0                    rtbl     1     4
    10.3.1.1/32        user     0 10.3.1.1           locl   584     3
    130.185.128.0/24   user     0                    rtbl     1     4
    130.185.128.145/32 user     0 130.185.128.145    locl   587     3
    172.19.0.0/16      user     0                    rtbl     1     4
    172.19.0.4/32      user     0 172.19.0.4         locl   542     3
    224.0.0.0/4        perm     0                    mdsc   595     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst   589     1
    255.255.255.255/32 perm     0                    bcst   591     1

    Routing table: default.iso
    ISO:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct    60     1

    Routing table: __master.anon__.iso
    ISO:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   523     1

    Routing table: victoria-router.iso
    ISO:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   602     1

    Routing table: default.inet6
    Internet6:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct    44     1
    ::/128             perm     0                    dscd    42     1
    ff00::/8           perm     0                    mdsc    43     1
    ff02::1/128        perm     0 ff02::1            mcst    39     1

    Routing table: __master.anon__.inet6
    Internet6:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   529     1
    ::/128             perm     0                    dscd   527     1
    ff00::/8           perm     0                    mdsc   528     1
    ff02::1/128        perm     0 ff02::1            mcst   525     1

    Routing table: victoria-router.inet6
    Internet6:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    rjct   608     1
    ::/128             perm     0                    dscd   606     1
    ff00::/8           perm     0                    mdsc   607     1
    ff02::1/128        perm     0 ff02::1            mcst   604     1

    Routing table: default.mpls
    MPLS:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    50     1

    Routing table: default.ethernet-switching
    ETHERNET-SWITCHING:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    66     1
    2, *               intf     0                    rslv   538     1
    3, *               user     0                    comp   580     2
    3, *               intf     0                    rslv   539     1
    3, 00:19:bb:d0:7b:3e user     0                  ucst   550    49 ge-0/0/1.0
    3, 00:1a:64:c3:19:e4 user     0                  ucst   550    49 ge-0/0/1.0
    3, 00:22:b0:bd:41:c5 user     0                  ucst   550    49 ge-0/0/1.0
    3, 00:c0:b7:d7:7a:4a user     0                  ucst   550    49 ge-0/0/1.0
    3, 0e:73:b1:37:4b:2a user     0                  ucst   550    49 ge-0/0/1.0
    3, 0e:75:3a:6e:f3:09 user     0                  ucst   550    49 ge-0/0/1.0
    3, 1e:1a:90:b0:48:4b user     0                  ucst   550    49 ge-0/0/1.0
    3, 22:90:29:61:82:69 user     0                  ucst   550    49 ge-0/0/1.0
    3, 36:10:37:16:bf:0a user     0                  ucst   550    49 ge-0/0/1.0
    3, 36:13:a3:29:19:d8 user     0                  ucst   550    49 ge-0/0/1.0
    3, 36:df:16:79:9b:15 user     0                  ucst   550    49 ge-0/0/1.0
    3, 3a:27:15:e6:5a:b3 user     0                  ucst   550    49 ge-0/0/1.0
    3, 3e:14:dd:14:e3:5b user     0                  ucst   550    49 ge-0/0/1.0
    3, 46:b9:b6:f8:74:e8 user     0                  ucst   550    49 ge-0/0/1.0
    3, 4e:6a:08:6e:69:10 user     0                  ucst   550    49 ge-0/0/1.0
    3, 56:17:e7:75:39:c9 user     0                  ucst   550    49 ge-0/0/1.0
    3, 56:34:4e:2d:87:d2 user     0                  ucst   550    49 ge-0/0/1.0
    3, 5e:22:32:f4:42:ad user     0                  ucst   550    49 ge-0/0/1.0
    3, 62:14:6c:53:11:fb user     0                  ucst   550    49 ge-0/0/1.0
    3, 64:87:88:4c:29:10 user     0                  recv    65     2
    3, 66:77:42:80:75:ac user     0                  ucst   550    49 ge-0/0/1.0
    3, 6e:51:d6:a0:cd:55 user     0                  ucst   550    49 ge-0/0/1.0
    3, 7e:6a:9d:01:52:4f user     0                  ucst   550    49 ge-0/0/1.0
    3, 82:34:5e:58:63:e7 user     0                  ucst   550    49 ge-0/0/1.0
    3, 82:8b:ea:a2:9c:3b user     0                  ucst   550    49 ge-0/0/1.0
    3, 86:5f:ef:f6:0c:27 user     0                  ucst   550    49 ge-0/0/1.0
    3, 92:f4:a1:ef:ed:48 user     0                  ucst   550    49 ge-0/0/1.0
    3, 96:06:fc:e5:33:cb user     0                  ucst   550    49 ge-0/0/1.0
    3, 96:2b:33:b6:95:58 user     0                  ucst   550    49 ge-0/0/1.0
    3, a2:11:ec:08:3a:9b user     0                  ucst   550    49 ge-0/0/1.0
    3, ba:50:87:c0:ad:fe user     0                  ucst   550    49 ge-0/0/1.0
    3, ba:81:37:cd:8b:4a user     0                  ucst   550    49 ge-0/0/1.0
    3, ba:d5:77:fc:ea:fe user     0                  ucst   550    49 ge-0/0/1.0
    3, be:7b:09:15:eb:78 user     0                  ucst   550    49 ge-0/0/1.0
    3, c6:28:0d:9e:90:56 user     0                  ucst   550    49 ge-0/0/1.0
    3, c6:c7:41:98:b0:f8 user     0                  ucst   550    49 ge-0/0/1.0
    3, d2:d5:7f:12:82:82 user     0                  ucst   550    49 ge-0/0/1.0
    3, da:84:e7:3d:5b:57 user     0                  ucst   550    49 ge-0/0/1.0
    3, da:e2:ff:7d:a2:7e user     0                  ucst   550    49 ge-0/0/1.0
    3, e2:a2:f9:2b:7c:a3 user     0                  ucst   550    49 ge-0/0/1.0
    3, e4:1f:13:80:93:eb user     0                  ucst   550    49 ge-0/0/1.0
    3, e6:11:2d:d9:95:1c user     0                  ucst   550    49 ge-0/0/1.0
    3, e6:63:b4:dc:bb:c6 user     0                  ucst   550    49 ge-0/0/1.0
    3, ea:45:d4:f2:c3:f4 user     0                  ucst   550    49 ge-0/0/1.0
    3, ea:51:1c:51:6d:91 user     0                  ucst   550    49 ge-0/0/1.0
    3, ee:d0:20:bf:2e:c3 user     0                  ucst   550    49 ge-0/0/1.0
    3, f2:ce:79:06:2b:ca user     0                  ucst   550    49 ge-0/0/1.0
    3, fe:d2:9c:44:69:d9 user     0                  ucst   550    49 ge-0/0/1.0
    4, *               user     0                    comp   581     2
    4, *               intf     0                    rslv   556     1
    4, 00:00:0c:07:ac:00 user     0                  ucst   554     5 ge-0/0/6.0
    4, 00:11:93:24:5e:c0 user     0                  ucst   554     5 ge-0/0/6.0
    4, 00:11:93:36:48:00 user     0                  ucst   554     5 ge-0/0/6.0
    4, 64:87:88:4c:29:10 user     0                  recv    65     2
    4, 76:d2:19:ef:11:76 user     0                  ucst   553     3 ge-0/0/5.0

    Routing table: default.vmembers
    VMEMBERS:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    74    15
    70 65535           user     0                    dscd    74    15
    71 65535           user     0                    dscd    74    15
    72 65535           user     0                    dscd    74    15
    73 65535           user     0                    dscd    74    15
    74 65535           user     0                    dscd    74    15
    75 65535           user     0                    dscd    74    15
    76 65535           user     0                    dscd    74    15
    77 65535           user     0                    dscd    74    15
    78 65535           user     0                    dscd    74    15
    79 65535           user     0                    dscd    74    15
    80 65535           user     0                    dscd    74    15
    81 65535           user     0                    dscd    74    15
    82 65535           user     0                    dscd    74    15
    83 65535           user     0                    dscd    74    15

    Routing table: default.MSTI
    MSTI:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    82    29
    70, 0              user     0                    dscd    82    29
    70, 254            user     0                    dscd    82    29
    71, 0              user     0                    dscd    82    29
    71, 254            user     0                    dscd    82    29
    72, 0              user     0                    dscd    82    29
    72, 254            user     0                    dscd    82    29
    73, 0              user     0                    dscd    82    29
    73, 254            user     0                    dscd    82    29
    74, 0              user     0                    dscd    82    29
    74, 254            user     0                    dscd    82    29
    75, 0              user     0                    dscd    82    29
    75, 254            user     0                    dscd    82    29
    76, 0              user     0                    dscd    82    29
    76, 254            user     0                    dscd    82    29
    77, 0              user     0                    dscd    82    29
    77, 254            user     0                    dscd    82    29
    78, 0              user     0                    dscd    82    29
    78, 254            user     0                    dscd    82    29
    79, 0              user     0                    dscd    82    29
    79, 254            user     0                    dscd    82    29
    80, 0              user     0                    dscd    82    29
    80, 254            user     0                    dscd    82    29
    81, 0              user     0                    dscd    82    29
    81, 254            user     0                    dscd    82    29
    82, 0              user     0                    dscd    82    29
    82, 254            user     0                    dscd    82    29
    83, 0              user     0                    dscd    82    29
    83, 254            user     0                    dscd    82    29

    Routing table: default.dhcp-snooping
    DHCP Snooping:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            perm     0                    dscd    98     1

     



  • 10.  RE: Route / firewall question

    Posted 08-14-2012 10:00

    Hi,

     

    Now the routing table victoria looks much better and you can see the routes are present.

     

    Routing table: victoria-router.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            user     0 0:0:c:7:ac:0       ucst   590     3 ge-0/0/15.0
    default            perm     0                    rjct   596     1
    0.0.0.0/32         perm     0                    dscd   594     1
    10.3.1.0/24        user     0                    rtbl     1     4
    10.3.1.1/32        user     0 10.3.1.1           locl   584     3
    130.185.128.0/24   user     0                    rtbl     1     4
    130.185.128.145/32 user     0 130.185.128.145    locl   587     3
    172.19.0.0/16      user     0                    rtbl     1     4
    172.19.0.4/32      user     0 172.19.0.4         locl   542     3
    224.0.0.0/4        perm     0                    mdsc   595     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst   589     1
    255.255.255.255/32 perm     0                    bcst   591     1

     What is happening now? Is anything working? Can you traceroute out from the vlan in question to the internet?

     

    You could use a security flow trace to capture any issues now if you have any.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16108&smlogin=true



  • 11.  RE: Route / firewall question

    Posted 08-14-2012 10:03

    Hello,

     

    I have a computer on vlan33 with IP 10.3.1.112/24 and default gateway 10.3.1.1, but I am not able to ping anything on the internet.

     

    I can ping 10.3.1.1, but that is it.

     

    Kind regards

    Gert



  • 12.  RE: Route / firewall question

    Posted 08-14-2012 10:08

    Hi,

     

    Can you enable a flow trace as above and ping out to the gateway, then capture the appropriate data with a filter and paste it here?

     

    I'd say you are pretty close now, if traffic is going out.



  • 13.  RE: Route / firewall question

    Posted 08-14-2012 10:10

    Yes, I will do that now, but if you have time to respond tomorrow, it would be great.

     

    Thanks Gert



  • 14.  RE: Route / firewall question

    Posted 08-14-2012 10:15

    And here 12% is :

    Aug 14 19:12:07 19:12:06.1180023:CID-0:RT:  flow_first_final_check: in <vlan.1>, out <.local..0>

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:construct v4 vector for nsp2

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  existing vector list 200-421429b0.

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  Session (id:40458) created for first pak 200

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  flow_first_install_session======> 0x461cdd28

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT: nsp 0x461cdd28, nsp2 0x461cdda8

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  make_nsp_ready_no_resolve()

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  route lookup: dest-ip 10.3.1.112 orig ifp vlan.1 output_ifp vlan.1 orig-zone 8 out-zone 8 vsd 0

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  route to 10.3.1.112

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:no need update ha

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:Installing c2s NP session wing

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:Installing s2c NP session wing

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:  flow session id 40458

    Aug 14 19:12:08 19:12:06.1180023:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT: vector bits 0x200 vector 0x421429b0

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT:mbuf 0x4094c000, exit nh 0xfffb0006

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT:<10.3.1.1/17->10.3.1.112/55998;1> :

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT:packet [60] ipid = 2197, @4094c21c

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 0, common flag 0x0, mbuf 0x4094c000, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT: in_ifp <junos-self:.local..0>

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 43b66540

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT:  .local..0:10.3.1.1->10.3.1.112, icmp, (0/0)

    Aug 14 19:12:08 19:12:06.1180526:CID-0:RT: find flow: table 0x46e8b360, hash 21500(0xffff), sa 10.3.1.1, da 10.3.1.112, sp 17, dp 55998, proto 1, tok 2

    Aug 14 19:12:08 19:12:06.1180724:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1180724:CID-0:RT:  flow session id 40458

    Aug 14 19:12:08 19:12:06.1180724:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1180724:CID-0:RT: vector bits 0x200 vector 0x421429b0

    Aug 14 19:12:08 19:12:06.1180766:CID-0:RT:mbuf 0x4094c000, exit nh 0xe0010

    Aug 14 19:12:08 19:12:06.1180766:CID-0:RT:flow_process_pkt_exception: Freeing lpak 3fbeb980 associated with mbuf 0x4094c000

    Aug 14 19:12:08 19:12:06.1180810:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1194896:CID-0:RT:<10.3.1.112/56000->192.38.74.50/17;1> :

    Aug 14 19:12:08 19:12:06.1194896:CID-0:RT:packet [60] ipid = 2199, @40945c1c
    Aug 14 19:12:08 19:12:06.1194896:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 13, common flag 0x0, mbuf 0x40945a00, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT: flow process pak fast ifl 88 in_ifp vlan.1

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:  vlan.1:10.3.1.112->192.38.74.50, icmp, (8/0)

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT: find flow: table 0x46e8b360, hash 37343(0xffff), sa 10.3.1.112, da 192.38.74.50, sp 56000, dp 17, proto 1, tok 8

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:  no session found, start first path. in_tunnel - 0, from_cp_flag - 0

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:  flow_first_create_session

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:  flow_first_in_dst_nat: in <vlan.1>, out <N/A> dst_adr 192.38.74.50, sp 56000, dp 17

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:  chose interface vlan.1 as incoming nat if.

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 192.38.74.50(17)

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.3.1.112, x_dst_ip 192.38.74.50, in ifp vlan.1, out ifp N/A sp 56000, dp 17, ip_proto 1, tos 0

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:Doing DESTINATION addr route-lookup

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:  packet dropped, no route to dest

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:flow_first_routing: DEST route-lookup failed, dropping pkt and not creating session nh: 4294967295

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:  packet dropped, ROUTE_REJECT_GEN_ICMP.

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:flow send icmp: pak->natp=0x461cdef0, pak->nsp=0x461cdef0

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:Embedded ICMP outer iphdr before xlate: 0a030101/768 -> 0a030170/42915

    Aug 14 19:12:08 19:12:06.1195313:CID-0:RT:Embedded ICMP inner iphdr before xlate: 0a030170/2048 -> c0264a32/29322

    Aug 14 19:12:08 19:12:06.1195313:CID-0:RT:flow_handle_icmp_xlate

    Aug 14 19:12:08 19:12:06.1195313:CID-0:RT:xlate_icmp_pak

    Aug 14 19:12:08 19:12:06.1195313:CID-0:RT:xlate_icmp_pak handle icmp4 embeded ip

    Aug 14 19:12:08 19:12:06.1195313:CID-0:RT:Embedded ICMP outer iphdr after xlate: 0a030101/768 -> 0a030170/42915

    Aug 14 19:12:08 19:12:06.1195313:CID-0:RT:Embedded ICMP inner iphdr after xlate: 0a030170/2048 -> c0264a32/29322

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT:Sending icmp:3, code: 0

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT:  encap vector

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT:  no more encapping needed

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT:  **** pak processing end.

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT:flow_first_routing: Sending icmp/tcp-rst for route-lookup failure

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT:  flow find session returns error.

    Aug 14 19:12:08 19:12:06.1195424:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)


    Aug 14 19:12:08 19:12:06.1217055:CID-0:RT:<172.19.0.100/64087->172.19.0.4/22;6> :

    Aug 14 19:12:08 19:12:06.1217099:CID-0:RT:packet [92] ipid = 9840, @4094b11c

    Aug 14 19:12:08 19:12:06.1217099:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 13, common flag 0x0, mbuf 0x4094af00, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1217134:CID-0:RT: flow process pak fast ifl 68 in_ifp vlan.0

    Aug 14 19:12:08 19:12:06.1217148:CID-0:RT:  vlan.0:172.19.0.100/64087->172.19.0.4/22, tcp, flag 18
    Aug 14 19:12:08 19:12:06.1217180:CID-0:RT: find flow: table 0x46e8b360, hash 46719(0xffff), sa 172.19.0.100, da 172.19.0.4, sp 64087, dp 22, proto 6, tok 6

    Aug 14 19:12:08 19:12:06.1217217:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1217217:CID-0:RT:  flow session id 9826

    Aug 14 19:12:08 19:12:06.1217230:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1217230:CID-0:RT: vector bits 0x2 vector 0x420f9db0

    Aug 14 19:12:08 19:12:06.1217230:CID-0:RT:mbuf 0x4094af00, exit nh 0xfffb0006

    Aug 14 19:12:08 19:12:06.1217273:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1309969:CID-0:RT:<172.19.0.4/22->172.19.0.100/64087;6> :

    Aug 14 19:12:08 19:12:06.1309989:CID-0:RT:packet [92] ipid = 21938, @40dc22d2

    Aug 14 19:12:08 19:12:06.1310026:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 0, common flag 0x0, mbuf 0x40dc2080, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT: in_ifp <junos-self:.local..0>

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 43b66540

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:Using vr id from pfe_tag with value= 0

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..0

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:Over-riding lpak->vsys with 0

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:  .local..0:172.19.0.4/22->172.19.0.100/64087, tcp, flag 18

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT: find flow: table 0x46e8b360, hash 63624(0xffff), sa 172.19.0.4, da 172.19.0.100, sp 22, dp 64087, proto 6, tok 2

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:  flow session id 9826

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT: vector bits 0x2 vector 0x420f9db0

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:mbuf 0x40dc2080, exit nh 0xb0010

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT:flow_process_pkt_exception: Freeing lpak 3fbeb8e8 associated with mbuf 0x40dc2080

    Aug 14 19:12:08 19:12:06.1310050:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1323580:CID-0:RT:<172.19.0.4/22->172.19.0.100/64087;6> :

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:packet [108] ipid = 21940, @40dc22d2

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 0, common flag 0x0, mbuf 0x40dc2080, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT: in_ifp <junos-self:.local..0>

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 43b66540

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:Using vr id from pfe_tag with value= 0

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..0

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:Over-riding lpak->vsys with 0

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:  .local..0:172.19.0.4/22->172.19.0.100/64087, tcp, flag 18

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT: find flow: table 0x46e8b360, hash 63624(0xffff), sa 172.19.0.4, da 172.19.0.100, sp 22, dp 64087, proto 6, tok 2
    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:  flow session id 9826

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT: vector bits 0x2 vector 0x420f9db0

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:mbuf 0x40dc2080, exit nh 0xb0010

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT:flow_process_pkt_exception: Freeing lpak 3fbeb8e8 associated with mbuf 0x40dc2080

    Aug 14 19:12:08 19:12:06.1323623:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:<172.19.0.4/22->172.19.0.100/64087;6> :

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:packet [108] ipid = 21942, @40dc22d2

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 0, common flag 0x0, mbuf 0x40dc2080, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT: in_ifp <junos-self:.local..0>

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 43b66540

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:Using vr id from pfe_tag with value= 0

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:Changing lpak->in_ifp from:.local..0 -> to:.local..0

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:Over-riding lpak->vsys with 0

    Aug 14 19:12:08 19:12:06.1327383:CID-0:RT:  .local..0:172.19.0.4/22->172.19.0.100/64087, tcp, flag 18

    Aug 14 19:12:08 19:12:06.1327525:CID-0:RT: find flow: table 0x46e8b360, hash 63624(0xffff), sa 172.19.0.4, da 172.19.0.100, sp 22, dp 64087, proto 6, tok 2

    Aug 14 19:12:08 19:12:06.1327525:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1327525:CID-0:RT:  flow session id 9826

    Aug 14 19:12:08 19:12:06.1327525:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1327603:CID-0:RT: vector bits 0x2 vector 0x420f9db0

    Aug 14 19:12:08 19:12:06.1327603:CID-0:RT:mbuf 0x40dc2080, exit nh 0xb0010

    Aug 14 19:12:08 19:12:06.1327603:CID-0:RT:flow_process_pkt_exception: Freeing lpak 3fbeb8e8 associated with mbuf 0x40dc2080

    Aug 14 19:12:08 19:12:06.1327603:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:<172.19.0.100/64087->172.19.0.4/22;6> :

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:packet [40] ipid = 9845, @4094d31c

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 13, common flag 0x0, mbuf 0x4094d100, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT: flow process pak fast ifl 68 in_ifp vlan.0

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:  vlan.0:172.19.0.100/64087->172.19.0.4/22, tcp, flag 10

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT: find flow: table 0x46e8b360, hash 46719(0xffff), sa 172.19.0.100, da 172.19.0.4, sp 64087, dp 22, proto 6, tok 6

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:  flow session id 9826

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT: vector bits 0x2 vector 0x420f9db0

    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT:mbuf 0x4094d100, exit nh 0xfffb0006
    Aug 14 19:12:08 19:12:06.1327672:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1521940:CID-0:RT:<172.19.0.100/64087->172.19.0.4/22;6> :

    Aug 14 19:12:08 19:12:06.1521940:CID-0:RT:packet [40] ipid = 9858, @4094ca9c

    Aug 14 19:12:08 19:12:06.1521940:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 13, common flag 0x0, mbuf 0x4094c880, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1521940:CID-0:RT: flow process pak fast ifl 68 in_ifp vlan.0

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT:  vlan.0:172.19.0.100/64087->172.19.0.4/22, tcp, flag 10

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT: find flow: table 0x46e8b360, hash 46719(0xffff), sa 172.19.0.100, da 172.19.0.4, sp 64087, dp 22, proto 6, tok 6

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT:  flow got session.

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT:  flow session id 9826

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT:avt_get_config_by_lsys_id: Not supported on low memory platforms.

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT: vector bits 0x2 vector 0x420f9db0

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT:mbuf 0x4094c880, exit nh 0xfffb0006

    Aug 14 19:12:08 19:12:06.1522143:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)


    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:<10.3.1.112/56001->130.185.128.1/17;1> :

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:packet [60] ipid = 2200, @4094759c

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:---- flow_process_pkt: (thd 2): flow_ctxt type 13, common flag 0x0, mbuf 0x40947380, rtbl_idx = 0

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT: flow process pak fast ifl 88 in_ifp vlan.1

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  vlan.1:10.3.1.112->130.185.128.1, icmp, (8/0)

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT: find flow: table 0x46e8b360, hash 35441(0xffff), sa 10.3.1.112, da 130.185.128.1, sp 56001, dp 17, proto 1, tok 8

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  no session found, start first path. in_tunnel - 0, from_cp_flag - 0

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  flow_first_create_session

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  flow_first_in_dst_nat: in <vlan.1>, out <N/A> dst_adr 130.185.128.1, sp 56001, dp 17

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  chose interface vlan.1 as incoming nat if.

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 130.185.128.1(17)

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.3.1.112, x_dst_ip 130.185.128.1, in ifp vlan.1, out ifp N/A sp 56001, dp 17, ip_proto 1, tos 0

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:Doing DESTINATION addr route-lookup

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  routed (x_dst_ip 130.185.128.1) from trust-victoriaproperties (vlan.1 in 0) to ge-0/0/15.0, Next-hop: 130.185.128.1

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  policy search from zone trust-victoriaproperties-> zone untrust-victoriaproperties (0x0,0xdac10011,0x11)

    Aug 14 19:12:08 19:12:06.1694708:CID-0:RT:  app 0, timeout 60s, curr ageout 60s

    Aug 14 19:12:08 19:12:06.1694708:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False

    Aug 14 19:12:08 19:12:06.1694708:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 2/32770, pst_nat: False.

    Aug 14 19:12:08 19:12:06.1694708:CID-0:RT:  dip id = 2/1, 10.3.1.112/56001->130.185.128.145/45509 protocol 58

    Aug 14 19:12:08 19:12:06.1694708:CID-0:RT:  choose interface ge-0/0/15.0 as outgoing phy if

    Aug 14 19:12:08 19:12:06.1694708:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/15.0, addr: 130.185.128.1, rtt_idx:0



  • 15.  RE: Route / firewall question
    Best Answer

    Posted 08-14-2012 10:32

    192.38.74.50 has no route to it in the routing table:

    Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.3.1.112, x_dst_ip 192.38.74.50, in ifp vlan.1, out ifp N/A sp 56000, dp 17, ip_proto 1, tos 0


    130.185.128.1 has a route in the routing table, so the below works fine. Is this your default gateway? I assume so; then all should be fine. If not, can you enable 10.3.1.0/24 as a packet filter in your trace? It will make it all easier to read and only log packets with a source or destination in your vlan. Then try to connect to the internet, Google or some website.

    user@srx# set security flow traceoptions packet-filter filter1 source-prefix 10.3.1.0/24
    user@srx# set security flow traceoptions packet-filter filter1 destination-prefix 10.3.1.0/24

     



    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.3.1.112, x_dst_ip 130.185.128.1, in ifp vlan.1, out ifp N/A sp 56001, dp 17, ip_proto 1, tos 0

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:Doing DESTINATION addr route-lookup

    Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  routed (x_dst_ip 130.185.128.1) from trust-victoriaproperties (vlan.1 in 0) to ge-0/0/15.0, Next-hop: 130.185.128.1
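    The diagnosis above was made by eye: one flow_first_routing lookup is followed by a "routed ... to ge-0/0/15.0" line and the other never is. The script below is an added example (not from this thread and not Juniper code) that does the same grouping mechanically and, like the packet-filter suggestion, keeps only lookups whose source or destination falls inside the VLAN prefix. The trace text is a constructed sample modelled on the lines quoted in this thread; the 10.20.0.9 flow is invented to show the prefix restriction discarding unrelated traffic.

```python
"""Group SRX flow-trace lines by route lookup and flag lookups that never got a
'routed' decision.

Added example, not from the thread or from Juniper. SAMPLE_TRACE is a
constructed sample: the first five lines follow the thread's own trace output,
the 10.20.0.9 line is invented to exercise the prefix filter.
"""
import ipaddress
import re

# The lookup line names the source, the (possibly translated) destination and
# the ingress interface.
LOOKUP_RE = re.compile(
    r"flow_first_routing: .*?src_ip (?P<src>[^,]+), x_dst_ip (?P<dst>[^,]+), "
    r"in ifp (?P<in_if>[^,]+)"
)
# The decision line names the egress interface and next hop for that destination.
ROUTED_RE = re.compile(
    r"routed \(x_dst_ip (?P<dst>[^)]+)\) from (?P<zone>\S+) \((?P<in_if>\S+) in \d+\) "
    r"to (?P<out_if>[^,]+), Next-hop: (?P<nh>\S+)"
)

SAMPLE_TRACE = """\
Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.3.1.112, x_dst_ip 192.38.74.50, in ifp vlan.1, out ifp N/A sp 56000, dp 17, ip_proto 1, tos 0
Aug 14 19:12:08 19:12:06.1195064:CID-0:RT:Doing DESTINATION addr route-lookup
Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.3.1.112, x_dst_ip 130.185.128.1, in ifp vlan.1, out ifp N/A sp 56001, dp 17, ip_proto 1, tos 0
Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:Doing DESTINATION addr route-lookup
Aug 14 19:12:08 19:12:06.1694275:CID-0:RT:  routed (x_dst_ip 130.185.128.1) from trust-victoriaproperties (vlan.1 in 0) to ge-0/0/15.0, Next-hop: 130.185.128.1
Aug 14 19:12:09 19:12:07.0000001:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 10.20.0.9, x_dst_ip 10.20.0.1, in ifp vlan.2, out ifp N/A sp 40000, dp 17, ip_proto 1, tos 0
"""


def analyze(trace_text, prefix="10.3.1.0/24"):
    """Return one record per route lookup whose src or dst lies inside `prefix`.

    Each record carries the lookup fields plus the 'routed' decision that
    followed it; out_if and next_hop stay None when the trace moved on to the
    next lookup (or ended) without printing a 'routed' line for that destination.
    """
    net = ipaddress.ip_network(prefix)
    records = []
    current = None
    for line in trace_text.splitlines():
        m = LOOKUP_RE.search(line)
        if m:
            current = {"src": m["src"], "dst": m["dst"], "in_if": m["in_if"],
                       "out_if": None, "next_hop": None}
            records.append(current)
            continue
        m = ROUTED_RE.search(line)
        if m and current is not None and m["dst"] == current["dst"]:
            current["out_if"] = m["out_if"]
            current["next_hop"] = m["nh"]

    def in_scope(rec):
        return any(ipaddress.ip_address(rec[k]) in net for k in ("src", "dst"))

    return [rec for rec in records if in_scope(rec)]


def unrouted(records):
    """Destinations that were looked up but never received a routing decision."""
    return [rec["dst"] for rec in records if rec["out_if"] is None]


if __name__ == "__main__":
    for rec in analyze(SAMPLE_TRACE):
        status = (f"-> {rec['out_if']} via {rec['next_hop']}"
                  if rec["out_if"] else "NO ROUTE")
        print(f"{rec['src']} -> {rec['dst']} (in {rec['in_if']}): {status}")
```

    Run against a real trace file (for example the output of the traceoptions configured above), the NO ROUTE entries are the destinations to chase in the routing instance; passing prefix="0.0.0.0/0" disables the scoping and shows every lookup.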







  • 16.  RE: Route / firewall question

    Posted 08-14-2012 10:35

    Yes, I will do that now, but I can wait until tomorrow.. :O)

     

    I have put in the firewall rule as an input filter on vlan33; now I can ping the internet.

     

    I still need some tests, but it looks much better now.

     

    Thanks..

    Gert



  • 17.  RE: Route / firewall question

    Posted 08-14-2012 10:45

    Funny thing: now I can not ping 10.3.1.1..

     

    Kind regards

    Gert



  • 18.  RE: Route / firewall question

    Posted 08-14-2012 11:06

    You can just use an except in your firewall filter; everything is getting pushed into the routing instance. Try it without the 0.0.0.0/0 bit; I think it works but wasn't 100% sure.

     

    firewall {
        family inet {
            filter classify-vlans {
                term victoriaproperties-route {
                    from {
                        source-address {
                            10.3.1.0/24;
                        }
                        destination-address {
                            0.0.0.0/0;
                            10.3.1.1/32 except;
                        }
                    }
                    then {
                        routing-instance victoria-router;
                    }
                }
                term default {
                    then accept;
                }
            }
        }
    }
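    To see why the except entry keeps 10.3.1.1 reachable while everything else from the VLAN is still pushed into victoria-router, here is an added example (not from this thread and not Juniper code) that models the term above in Python. It encodes the address-list rule Junos documents for firewall filters: the longest prefix covering the address wins, and an except on the winning prefix turns the match into a non-match. The list names and the two-term structure are the classify-vlans filter from the post; the alternative list with only the except entry is included to show what this model says about the "without 0.0.0.0/0" variant.

```python
"""Model of a Junos firewall-filter term with `except`, deciding whether a
packet is pushed into a routing instance.

Added example, not Juniper code. Assumptions: address lists are evaluated by
longest-prefix match and `except` on the winning prefix negates the match;
the filter has the two terms of the thread's classify-vlans filter.
"""
import ipaddress

# (prefix, is_except) entries, written the way the filter above lists them.
SOURCE_LIST = [("10.3.1.0/24", False)]
DEST_LIST = [("0.0.0.0/0", False), ("10.3.1.1/32", True)]
# Variant with the 0.0.0.0/0 line removed, as tried in the thread.
DEST_LIST_EXCEPT_ONLY = [("10.3.1.1/32", True)]


def address_matches(addr, entries):
    """Longest-prefix match over an address list; `except` on the winner negates."""
    ip = ipaddress.ip_address(addr)
    best = None  # (network, is_except) of the most specific covering prefix
    for prefix, is_except in entries:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, is_except)
    return best is not None and not best[1]


def classify(src, dst, dest_list=DEST_LIST):
    """Emulate the filter: first term sends matched flows to victoria-router,
    the default term accepts everything else in the main routing table."""
    if address_matches(src, SOURCE_LIST) and address_matches(dst, dest_list):
        return "routing-instance victoria-router"
    return "accept"


if __name__ == "__main__":
    for dst in ("130.185.128.1", "10.3.1.1", "10.3.1.50"):
        print(f"10.3.1.112 -> {dst}: {classify('10.3.1.112', dst)}")
    print("except-only list, 10.3.1.112 -> 130.185.128.1:",
          classify("10.3.1.112", "130.185.128.1", DEST_LIST_EXCEPT_ONLY))
```

    With the posted list, internet-bound packets match 0.0.0.0/0 and go to the routing instance, while packets to 10.3.1.1 hit the more specific except entry and fall through to the default term, so the SRX's own VLAN address stays reachable in the main table. In this model an except-only list matches nothing at all, so no traffic would be redirected; that agrees with the reporter's observation, but check the Junos documentation for your release rather than relying on the model for that edge case.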

     



  • 19.  RE: Route / firewall question

    Posted 08-14-2012 11:33

    Great, now that works too. I did try it without 0.0.0.0/0, with just the exception; that did not work 🙂

     

    I want to make a route from 10.3.1.0 to 192.168.1.0 through 10.3.1.4,

    still keeping my 10.3.1.1 as the default gateway. Do you have any idea where I should look?

     

    I know it is out of this topic, but it would be nice... :O)

     

    Kind regards

    Gert



  • 20.  RE: Route / firewall question

    Posted 08-14-2012 11:40

    And now the route thing works too... :O)

     

    Great, thank you VERY much. 6 days...

     

    I am a happy man now,....

     

     

    Kind regards

    Gert



  • 21.  RE: Route / firewall question

    Posted 08-14-2012 11:48

    Great, glad to help. 

     

    Good Luck with your SRX



  • 22.  RE: Route / firewall question

    Posted 08-14-2012 11:51

    hello ,

     

    I think I have marked your answer as accepted and have given you kudos....

    If I haven't, please tell me..

     

    Thanks for your time..

     

    Kind regards

    Gert



  • 23.  RE: Route / firewall question

    Posted 08-14-2012 10:06

    And now I have set up a NAT; now I can ping 130.185.128.1 but still no internet IP...

     

    Kind regards

    Gert



  • 24.  RE: Route / firewall question

     
    Posted 08-14-2012 06:32

    Easiest way will probably be to put vlan.33 into a separate virtual router (VR) and set a default route in that VR out to the internet. Traffic on your other VLANs can then be routed separately.

    Good luck!



  • 25.  RE: Route / firewall question

    Posted 09-21-2012 01:36

    Hi

     

    I want to know how to check the previous commands in the Juniper firewall ISG-2000. I want to check which user has logged in to the system and which commands he has fired. Anyone please help me, guys..

     

    Thanks in advance