SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX220 First-time setup - NAT Problems?

    Posted 05-02-2015 04:09

    Hello,

     

    I'm trying to configure the SRX220 as a router/gateway. I've followed the initial setup wizard via the web interface, with these basic configs:

     

    - interface ge-0/0/0.0 got PPPoE, services & protocols are configured to "all" (this will be the WAN, in the untrust zone)

    - All other interfaces (ge-0/0/1.0 - ge-0/0/7.0) are on VLAN 3 (automatically configured by the initial setup wizard)

    - Router's IP & subnet is 10.0.0.1/8 (also, services & protocols are configured to "all")

     

    (other settings in the wizard not mentioned is left at their default values)

     

     

    I could ping the SRX220 from my laptop connected to any port from ge-0/0/1.0 - ge-0/0/7.0, but I'm unable to ping the internet (say, 8.8.8.8) either from the SRX's CLI or my laptop. (For pings, the reply was "No route to host.")

     

    I'd think that this is a NAT issue, but maybe it's something else. Could anyone help figure what's wrong here?

    Thank you!

     

     



  • 2.  RE: SRX220 First-time setup - NAT Problems?

     
    Posted 05-02-2015 05:03

    Hi NamoDev,


    Are you able to ping 8.8.8.8 from SRX? if so please make sure there is a security policy from LAN zone to WAN zone . We also need a Source NAT rule .

     



  • 3.  RE: SRX220 First-time setup - NAT Problems?

    Posted 05-02-2015 05:19

    Thanks for the reply!

     

    The answer is no. I've tried pinging 8.8.8.8 from the SRX, both from the J-Web and the CLI - none of it worked.

     

    Screen Shot 2015-05-02 at 7.19.16 PM.png

     

    Screen Shot 2015-05-02 at 7.18.37 PM.png



  • 4.  RE: SRX220 First-time setup - NAT Problems?

     
    Posted 05-02-2015 05:34
    Looks like default route is missing.. Can you configure 0/0 route?

    Or are you expecting that to be pushed by ISP?

    Can you share below outputs

    show route 8.8.8.8
    show interface terse


  • 5.  RE: SRX220 First-time setup - NAT Problems?

    Posted 05-02-2015 05:39

    Here's the output. (No route to 8.8.8.8?)

     

    root@NamoDev-Gateway> show route 8.8.8.8 

root@NamoDev-Gateway> show interfaces terse 
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
ge-0/0/0.0              up    up  
gr-0/0/0                up    up
ip-0/0/0                up    up
lsq-0/0/0               up    up
lt-0/0/0                up    up
mt-0/0/0                up    up
sp-0/0/0                up    up
sp-0/0/0.0              up    up   inet    
sp-0/0/0.16383          up    up   inet     10.0.0.1            --> 10.0.0.16
                                            10.0.0.6            --> 0/0
                                            128.0.0.1           --> 128.0.1.16
                                            128.0.0.6           --> 0/0
ge-0/0/1                up    up
ge-0/0/1.0              up    up   eth-switch
ge-0/0/2                up    down
ge-0/0/2.0              up    down eth-switch
ge-0/0/3                up    down
ge-0/0/3.0              up    down eth-switch
ge-0/0/4                up    down
ge-0/0/4.0              up    down eth-switch
ge-0/0/5                up    down
ge-0/0/5.0              up    down eth-switch
ge-0/0/6                up    down
ge-0/0/6.0              up    down eth-switch
ge-0/0/7                up    down
ge-0/0/7.0              up    down eth-switch
fxp2                    up    up
fxp2.0                  up    up   tnp      0x1             
gre                     up    up
ipip                    up    up
irb                     up    up
lo0                     up    up
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.0.4           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up        
lsi                     up    up        
mtun                    up    up        
pimd                    up    up        
pime                    up    up        
pp0                     up    up        
pp0.0                   up    up   inet     183.88.86.24        --> 183.88.80.1
ppd0                    up    up        
ppe0                    up    up        
st0                     up    up        
tap                     up    up        
vlan                    up    up        
vlan.0                  up    up   inet     10.0.0.1/8


  • 6.  RE: SRX220 First-time setup - NAT Problems?
    Best Answer

     
    Posted 05-02-2015 05:41
    Try this
    set routing-options static route 0/0 next-hop 183.88.80.1
    commit


  • 7.  RE: SRX220 First-time setup - NAT Problems?

    Posted 05-02-2015 05:45

    That worked, thank you!



  • 8.  RE: SRX220 First-time setup - NAT Problems?

     
    Posted 05-02-2015 05:55

    Hi NamoDev,

     

    Thanks for the update. Please modify the routing as below. (IP address may change as its dynamically assigned by ISP, use interface name instead)

     

    delete routing-options static route 0/0

    set routing-options static route 0/0 next-hop pp0.0
    commit

     

    Apologies for the inconvenience caused.