SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
rotearc
Contributor
rotearc
Posts: 82
Registered: ‎07-10-2010
0
Accepted Solution

Try to get loopback0 working on a SRX210

Options

‎11-28-2010 07:33 PM

Hi,

 

I am running SRX210H with 10.3.r2, trying to setup loopback.0 interface.

Here are the steps,

 

I added the ip address to loopback0 interace (192.168.2.1/32)

I added the loopback0 interface to trust security zone and inbound service

I added the loopback0 to https web manager interface

 

Now, when I tried to access the web interface via https, 192.168.1.1 or 192.168.2.1, the J-Web won't come up.  But ssh works on both addresses.  Please help,

 

Ernest

 

 

Attachment srx210.txt ‏9 KB
Message 1 of 6 (5,886 Views)
 
Reply
Distinguished Expert
Distinguished Expert
keithr
Posts: 810
Registered: ‎09-10-2009
0

Re: Try to get loopback0 working on a SRX210

Options

‎11-28-2010 10:26 PM

Before getting too deep into this, are you making sure to access J-Web using the custom URL?

 

https://<srx-ip>/my-jweb

 

If you're using that URL, are you getting any error messages or just timeouts?

-kr
JNCIS-SEC, JNCIA-ER, JNCIA-EX

---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Message 2 of 6 (5,873 Views)
 
Reply
WiserRonin
Contributor
WiserRonin
Posts: 19
Registered: ‎01-08-2010
0

Re: Try to get loopback0 working on a SRX210

Options

‎11-29-2010 04:32 AM

If you remove all the interface statements under this: management-url my-jweb; https { system-generated-certificate; interface [ vlan.0 ge-0/0/1.0 lo0.0 ]; It should look like this: management-url my-jweb; https { system-generated-certificate;
Message 3 of 6 (5,837 Views)
 
Reply
rotearc
Contributor
rotearc
Posts: 82
Registered: ‎07-10-2010
0

Re: Try to get loopback0 working on a SRX210

Options

‎11-29-2010 07:20 AM

 

keithr wrote:

Before getting too deep into this, are you making sure to access J-Web using the custom URL?

 

https://<srx-ip>/my-jweb

 

If you're using that URL, are you getting any error messages or just timeouts?

 

Yes, I was trying to access it via /my-jweb but it timeout with no responds.   Also, I was trying to setup dynamic vpn as well.

 

E

Message 4 of 6 (5,820 Views)
 
Reply
Distinguished Expert
Distinguished Expert
keithr
Posts: 810
Registered: ‎09-10-2009
0

Re: Try to get loopback0 working on a SRX210

Options

‎11-29-2010 06:35 PM

OK, on my devices (10.2R3.10), J-web works on my loopback interface without having to specify the loopback interface in the system -> services -> web-management -> https context.

 

I set a few options to look more like your config for testing:

 

 

system {
  services {
    web-management {
      traceoptions {
        file jweb-trace;
        flag all;
      }
      management-url my-jweb;
      https {
        system-generated-certificate;
        interface ge-0/0/0.420;
      }
      session {
        session-limit 4;
      }
    }
  }
}

 

I can connect to J-web using the device loopback address.

 

I assume you're trying to connect to J-Web from inside the Trust zone?

 

You could try setting a traceoptions file and see if anything is logged.  You could also set a flow trace to see if the traffic is being dropped for some reason.

 

I see you've got IPv6 configured on this device, are you trying to access J-Web via IPv6?  I'm not sure if having IPv6 turned up would have any effect on your traffic, as I haven't set up any SRX devices with IPv6.

 

 

 

-kr
JNCIS-SEC, JNCIA-ER, JNCIA-EX

---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Message 5 of 6 (5,787 Views)
 
Reply
rotearc
Contributor
rotearc
Posts: 82
Registered: ‎07-10-2010
0

Re: Try to get loopback0 working on a SRX210

Options

‎11-29-2010 07:18 PM

 

keithr wrote:

OK, on my devices (10.2R3.10), J-web works on my loopback interface without having to specify the loopback interface in the system -> services -> web-management -> https context.

 

I set a few options to look more like your config for testing:

 

 

system {
  services {
    web-management {
      traceoptions {
        file jweb-trace;
        flag all;
      }
      management-url my-jweb;
      https {
        system-generated-certificate;
        interface ge-0/0/0.420;
      }
      session {
        session-limit 4;
      }
    }
  }
}

 

I can connect to J-web using the device loopback address.

 

I assume you're trying to connect to J-Web from inside the Trust zone?

 

You could try setting a traceoptions file and see if anything is logged.  You could also set a flow trace to see if the traffic is being dropped for some reason.

 

I see you've got IPv6 configured on this device, are you trying to access J-Web via IPv6?  I'm not sure if having IPv6 turned up would have any effect on your traffic, as I haven't set up any SRX devices with IPv6.

 

 

 

 

Thanks keithr!  as soon as I removed the lo0 from the set system services web-management https interface.  I am able to login via https.

 

Thanks,

 

Ernest

 

Message 6 of 6 (5,781 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.