SRX

last person joined: 13 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX 650 cluster, IC4500 can not connection, state:attempt-next

    Posted 12-05-2012 07:35

    Hi.

    I have a cluster with SRX 650, when the equipment  tried to connect to IC4500 it couldn´t.

    When I ejecuted the command "show services unified-access-control status" I see "the attempt-next" status.

    The conectivity test (ICMP) was suscefully.

    I saw the log: "startConnect: bind interface=reth6.0, result=-1 err=Can't assign requested address".

    The traffic must be intrazone.

     

    The configuration is:

    {primary:node0}
    root@firewall> show configuration services unified-access-control
    infranet-controller IC {
        address 10.0.250.5;
        interface reth6.0;
        password "$9$Zeji.n6A01hHqA0B1hcbsYoUj"; ## SECRET-DATA
    }
    interval 30;
    traceoptions {
        flag all;
    }
    root@firewall> show configuration routing-instances TEST
    instance-type virtual-router;
    interface reth6.0;


    {primary:node0}
    root@firewall> show configuration security zones security-zone NAC
    address-book {
        address IC4500 10.0.250.5/32;
    }
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        reth6.0;
    }

    Can someone tell me what happend?

     

    Best regards.

     



  • 2.  RE: SRX 650 cluster, IC4500 can not connection, state:attempt-next
    Best Answer

    Posted 12-07-2012 09:19

    Hi all.

    To connect IC4500 with SRX650, the configuration must be without  virtual-router.  In our case, we put off the reth6.0 interface from the virtual-router and then the conection status between the IC4500 with SRX6500 pass to CONNECTED.

     

     

     

    Best regards.