SRX

Hello together
I have yesterday installed me SRX100B and now i have
one problem, i can't ping the printer from all subnet.

All other ping attempt are possible:
 - PC to WIFI Client = Ok
 - PC to Internet = Ok
 - PC to PC = Ok
 - WIFI to PC = Ok
 - WIFI to Internet = Ok

me ideaa, that i create for any subnet own VLAN
 - Vlan Office (DHCP)    30 Hosts
 - Vlan Wifi (DHCP)   14 Hosts
 - Vlan Experiment (DHCP)  14 Hosts

Zone:
 - F0/0/0 - F0/0/0 - Public Internet    Untrust
 - F0/0/1 - F0/0/5 - Address 192.168.20.1  /27 Office  Trust - VLAN Office
 - F0/0/6 - F0/0/6 - Address 192.168.20.33 /28 Experiment Trust - VLAN Experiment - Trust
 - F0/0/7 - F0/0/7 - Address 192.168.20.241/28 Wifi  Trust - VLAN Wifi - Trust

Computer:
 - 192.168.20.2
 - 192.168.20.3
 - 192.168.20.4

Printer: 
 - 192.168.20.9

Wifi:

 - 192.168.20.242
 - 192.168.20.243
 - 192.168.20.244

Policy Settings:
 - source-address any;
        - destination-address any;
        - application any;

        - Permit;

for me it's seems to make sense what i confiugre, but here
i have build a mistake, please help me to fix this so i can
Print and go on with me work 🙂

Best regards
Mauri

Attachment(s)

SRXConfig.txt   13 KB 1 version

Hello ,

Are you able to ping the printer from the SRX ?

Hello ,

Also I see that the Printer is on "office" zone , and I see that from Internet to office , is through a VPN :

policies {
        from-zone Internet to-zone office {
            policy policy_startup_rvpn_office {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit {
                        tunnel {
                            ipsec-vpn startup_rvpn;
                        }
                    }
                }
            }
        }



Please let me know if the VPN is up or not .  If not , please check the VPN . This should only impact traffic from Internet to Printer .

Rest of the policy should be fine for other subnets ( Wifi ,experiment etc ) 

Could you please place an intra-zone policy too ( from-zone office to-zone office)

Hello Joses

Hello MohsinulMalik

Thanks for your input and Help with our help i have found me mistake and now this are running !!

Please, are possible to make in DHCP - Manuall setting so that the printer still become everytime

the same IP-Address! i wan't that this printer become everytime the IP 192.168.20.4

root@SRX100B% ping 192.168.20.3
PING 192.168.20.3 (192.168.20.3): 56 data bytes
64 bytes from 192.168.20.3: icmp_seq=0 ttl=64 time=6.811 ms
64 bytes from 192.168.20.3: icmp_seq=1 ttl=64 time=3.120 ms
64 bytes from 192.168.20.3: icmp_seq=2 ttl=64 time=3.284 ms

root@SRX100B% traceroute 192.168.20.3
traceroute to 192.168.20.3 (192.168.20.3), 30 hops max, 40 byte packets
 1  192.168.20.3 (192.168.20.3)  4.215 ms  2.424 ms  2.940 ms

Best regards

Mauri

Hello ,

I hope this will help in DHCP issue :

http://www.juniper.net/documentation/en_US/junos12.1x47/topics/task/configuration/security-dhcp-static-address-assignment-configuring.html

If that does not help , Please check this KB also :

http://kb.juniper.net/InfoCenter/index?page=content&id=KB25645