SRX

last person joined: 14 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  security section on MX-80 MIC card for ipsec

    Posted 08-28-2016 23:31

    I installed MIC card for ipsec vpn on MX80 platform. 

     

    MIC card used for ipsec encription was inserted and it is online: 

     

    admin@MX-80-2-Feve3-Rack-21# run show chassis fpc pic-status
Slot 0   Online
  PIC 0  Online       4x 10GE XFP
  PIC 2  Online       MS-MIC-16G

     

    However I do not see any services associated with security: 

     

    admin@MX-80-2-Feve3-Rack-21# run request ?
Possible completions:
  ancp                 Request ANCP operation
  app-engine           Request App-engine actions
  chassis              Perform chassis-specific operations
  dhcp                 Perform DHCP operations
  dhcpv6               Perform DHCPv6 operations
  diagnostics          Time Domain Reflectometry diagnostics
  interface            Perform interface operations
  jdaf                 Request JDAF operation
  l2circuit-switchover  Perform l2circuit switchover
  lacp                 Request LACP actions
  message              Send text message to other users
  mpls                 Perform Multiprotocol Label Switching operations
  network-access       Request network-access related information
  path-computation-client  Perform path-computation-client operations
  pim                  Perform PIM operations
  protection-group     Request protection group related operations
  routing-engine       Routing Engine
  services             Services-related requests
  snmp                 Request actions from the Simple Network Management Protocol daemon
  support              Perform JUNOS support tasks
  system               Perform system-level operations
  validation           Request route validation actions
  vpls-switchover      Perform LDP VPLS pseudowire switchover
[edit]

     

    Based on this documantation page, thare should be security section to request digital CA: 

     

    https://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/digital-certificatio...

     

    However, it looks like this procedure is more like for SRX platforms -  I do not know if this procedure is same for MX 80. 

     

    Similar situation is with section where I could configure ipsec-vpn rules in services (following this documentation  

     

    http://www.juniper.net/documentation/en_US/junos15.1/topics/example/ipsec-configuring-on-ms-mic.html  😞 

     

    admin@MX-80-2-Feve3-Rack-21# set services ips
                                          ^
syntax error.

     

    There is not section like this in config. Also - documantaion above descrive pre-shared key usage, not digital CA. 

     

    Here issome more details which could help you with investigation: 

     

    Services MIC supprts: 

     

    admin@MX-80-2-Feve3-Rack-21# run show extension-provider system packages interface ms-0/2/0
Interface: ms-0/2/0
jservices-alg-xlp64 JUNOS Services Application Level Gateway (xlp64) [15.1F2.8]
jservices-jflow-xlp64 JUNOS Services JFLOW PIC package (xlp64) [15.1F2.8]
jservices-nat-xlp64 JUNOS Services NAT PIC package (xlp64) [15.1F2.8]
jservices-rpm-xlp64 JUNOS Services RPM PIC package (xlp64) [15.1F2.8]
jservices-sfw-xlp64 JUNOS Services Stateful Firewall PIC package (xlp64) [15.1F2.8]

     

    How can I make it to work? is there anybody who have had experiane with those service cards? 

     



  • 2.  RE: security section on MX-80 MIC card for ipsec
    Best Answer

    Posted 08-29-2016 00:41

    Hello,

    It looks You are running "JUNOS Worldwide" build - it does not support enclyption.

    Please upgrade to "JUNOS" (without "Worldwide" and without "Limited" keyword in the name when using dropdown menu on https://www.juniper.net/support/downloads/?p=mx80#sw) - then You should get the "services ipsec-vpn" stanza available.

    HTH

    Thx

    Alex



  • 3.  RE: security section on MX-80 MIC card for ipsec

    Posted 08-29-2016 23:39

    Hi aarseniev, 

     

    I recently upgraded software to by isuing file jinstall-ppc-15.1F2.8-export-signed.tgz, so I have: 

     

    admin@MX-80-2-Feve3-Rack-21# run show version
    Hostname: MX-80-2-Feve3-Rack-21
    Model: mx80
    Junos: 15.1F2.8
    JUNOS Base OS boot [15.1F2.8]
    JUNOS Base OS Software Suite [15.1F2.8]
    JUNOS Packet Forwarding Engine Support (MX80) [15.1F2.8]
    JUNOS Web Management [15.1F2.8]
    JUNOS Online Documentation [15.1F2.8]
    JUNOS Services Application Level Gateways [15.1F2.8]
    JUNOS Services Jflow Container package [15.1F2.8]
    JUNOS Services Stateful Firewall [15.1F2.8]
    JUNOS Services NAT [15.1F2.8]
    JUNOS Services RPM [15.1F2.8]
    JUNOS Kernel Software Suite [15.1F2.8]
    JUNOS Routing Software Suite [15.1F2.8]

    [edit]

     

    Ok, I will get Junos version you are talking about and let you know 🙂 

     

     



  • 4.  RE: security section on MX-80 MIC card for ipsec

    Posted 08-30-2016 04:30

    Thanks 

     

    Upgrade went fine and after MIC card came online, I see vpn serices supported:

     

    admin@MX-80-1-Feve3-Rack-21# run show version
    Hostname: MX-80-1-Feve3-Rack-21
    Model: mx80
    Junos: 15.1F6.9
    JUNOS Base OS boot [15.1F6.9]
    JUNOS Base OS Software Suite [15.1F6.9]
    JUNOS Crypto Software Suite [15.1F6.9]
    JUNOS Packet Forwarding Engine Support (MX80) [15.1F6.9]
    JUNOS Web Management [15.1F6.9]
    JUNOS Online Documentation [15.1F6.9]
    JUNOS Services Application Level Gateways [15.1F6.9]
    JUNOS Services Jflow Container package [15.1F6.9]
    JUNOS Services Stateful Firewall [15.1F6.9]
    JUNOS Services NAT [15.1F6.9]
    JUNOS Services RPM [15.1F6.9]
    JUNOS Services Captive Portal and Content Delivery Container package [15.1F6.9]
    JUNOS Macsec Software Suite [15.1F6.9]
    JUNOS Services Crypto [15.1F6.9]
    JUNOS Services IPSec [15.1F6.9]
    JUNOS Kernel Software Suite [15.1F6.9]
    JUNOS Routing Software Suite [15.1F6.9]