Hello,
I am having problems routing out to the internet throught a SRX 210 running 11.2. It is behind a SSG5 that is connected to my ISP with a PPPoE connection.
root@DMZ_SRX> show configuration
## Last commit: 2011-09-01 18:02:10 EDT by root
version 11.2R1.10;
system {
host-name DMZ_SRX;
time-zone America/New_York;
root-authentication {
encrypted-password "$1$HpOwhg2h$6RhijYgUw.BYhWJ8BT2dj1"; ## SECRET-DATA
}
name-server {
205.152.144.23;
205.152.132.23;
}
static-host-mapping {
localhost inet 127.0.0.1;
}
services {
ssh;
telnet;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;
}
}
dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings ge-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
interface-range interfaces-trust {
member ge-0/0/1;
member fe-0/0/2;
member fe-0/0/3;
member fe-0/0/4;
member fe-0/0/5;
member fe-0/0/6;
member fe-0/0/7;
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/0 {
unit 0 {
family inet {
address 172.16.1.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/24 next-hop 172.16.1.2;
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-init;
session-close;
}
count;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
}
}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
root@DMZ_SRX> show route all
inet.0: 6 destinations, 6 routes (4 active, 0 holddown, 2 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/24 [Static/5] 00:33:16
> to 172.16.1.2 via ge-0/0/0.0
127.0.0.1/32 [Direct/0] 02:36:21
> via lo0.0
172.16.1.0/24 *[Direct/0] 01:38:59
> via ge-0/0/0.0
172.16.1.1/32 *[Local/0] 01:38:59
Local via ge-0/0/0.0
192.168.1.0/24 *[Direct/0] 02:35:32
> via vlan.0
192.168.1.1/32 *[Local/0] 02:35:46
Local via vlan.0
__juniper_private1__.inet.0: 6 destinations, 8 routes (3 active, 0 holddown, 4 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.1/32 *[Direct/0] 02:36:21
> via lo0.16385
10.0.0.6/32 *[Local/0] 02:35:35
Local via sp-0/0/0.16383
10.0.0.16/32 *[Direct/0] 02:36:21
> via lo0.16385
[Direct/0] 02:35:34
> via sp-0/0/0.16383
128.0.0.1/32 [Direct/0] 02:36:21
> via lo0.16385
128.0.0.6/32 [Local/0] 02:35:35
Local via sp-0/0/0.16383
128.0.1.16/32 [Direct/0] 02:35:34
> via sp-0/0/0.16383
[Direct/0] 02:36:21
> via lo0.16385
__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
127.0.0.1/32 [Direct/0] 02:36:22
> via lo0.16384
root@DMZ_SRX>
Has anyone ever seen this type of problem before. Thanks for the help!