SRX Services Gateway
Reply
Visitor
solarmatrix
Posts: 2
Registered: ‎12-26-2011
0
Accepted Solution

SRX 210 - No internet access using local network DNS

[ Edited ]

Hello Group

I'm not a networking person so will try to explain as best I can.

We have an exisiting network using Windows SBS (file/mail/dns/dhcp) and connect to our ADSL service via a Dlink modem.

Replacing the Dlink modem with a Juniper SRX 210 (and ADSL pim) results in the following:

- External addresses can be pinged.

- a PC set to use our ISP external DNS can access websites.

- a PC set to use the local DNS cannot access websites using a URL, that is 74.125.237.16 in the browser works but google.com in the browser doesn't.

Testing DNS from the SBS results in external DNS queries failing.

 

I've tried the tcp-mss - 1300, interface mtu -1492 settings and as a last resort disabled the DNS ALG. 

Disabling the DNS ALG resulted in one website working though it wasn't google.com.

Also, tried changing the default-deny to permit from untrust-to-trust.

Strangely, when the SRX 210 is in the factory default DHCP mode then web browsing works.

 

That's about as far as my current knowledge goes and any pointers as to where to look next would be greatly appreciated.

Cheers

Andrew

Visitor
solarmatrix
Posts: 2
Registered: ‎12-26-2011
0

SRX 210 - No internet access using local network DNS

[ Edited ]

Found the problem to be the proxy-arp configuration. In this instance the interface should be changed from pp0.0 to at-1/0/0.0, as follows:

 

proxy-arp {

        interface at-1/0/0.0 {

                address {

                        192.168.1.10/32;

                }

        }

}

 

Now on to the next challenge!

Cheers

Andrew

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.