Screen OS

  • 1.  Interzone SSH to Cisco device times out

    Posted 01-21-2010 08:47

    Hello, I have an SSG550 with multiple zones. Basically, here is the problem: I have my admin workstation in zone A and my Cisco switches (and users) in zone B. When I try to SSH (or telnet) to my Cisco switches I am successful and I see the traffic accepted in the firewall (via NSM) logs. I am able to log in, but after about 10 seconds my connection is broken.

     

    When I ran Wireshark it shows me that the device stops responding to my workstation and I begin retransmissions.

     

    If I use SSH (or telnet) from a PC on the same subnet as the switch it works fine.

     

    I thought it might have something to do with Security Screening options (like SYN flood protection) that I recently enabled, but even when I disable it, it still happens.

     

    The policy rule for Zone A to Zone B is Any Any Permit.

     

    Any thoughts?



  • 2.  RE: Interzone SSH to Cisco device times out

    Posted 01-21-2010 16:34

    Hi,


    Just for testing, have you tried telnet instead to see if you have the same problem?  What firmware version are you running on the Juniper device?


    Also, I assume the default gateway on your network is the SSG for all VLANs?

     

    -Mike



  • 3.  RE: Interzone SSH to Cisco device times out
    Best Answer

    Posted 01-22-2010 05:53

    Hi,

    Make sure no asymmetrical routing is happening.

     

    Apply the command no ip proxy-arp and make sure your machines' gateway and the Cisco gateway are pointing to the firewall, i.e. are on the firewall.

     

    Thanks
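
An added example, not part of the thread or of any poster's reply: a small audit of the check the best answer recommends, that every interzone endpoint sends traffic for its peer to a firewall interface in both directions. All addresses, masks, gateways and host names below are constructed assumptions, as are the helper names `next_hop` and `check_pair`.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
FIREWALL_IFACES = {"10.1.0.1", "10.2.0.1"}  # firewall IPs in zone A and zone B

HOSTS = {
    "admin-ws": {"ip": "10.1.0.50/24", "gateway": "10.1.0.1"},
    "switch-1": {"ip": "10.2.0.10/24", "gateway": "10.2.0.254"},  # other L3 device
    "switch-2": {"ip": "10.2.0.11/8",  "gateway": "10.2.0.1"},    # mask too wide
    "switch-3": {"ip": "10.2.0.12/24", "gateway": "10.2.0.1"},    # correct
}

def next_hop(host, dst_ip):
    """Where this host sends a packet for dst_ip: 'on-link' or its gateway."""
    iface = ipaddress.ip_interface(host["ip"])
    if ipaddress.ip_address(dst_ip) in iface.network:
        return "on-link"
    return host["gateway"]

def check_pair(a_name, b_name, hosts=HOSTS, fw=FIREWALL_IFACES):
    """For two hosts in different zones, list every direction in which
    traffic would not be handed to a firewall interface."""
    findings = []
    for src, dst in ((a_name, b_name), (b_name, a_name)):
        dst_ip = str(ipaddress.ip_interface(hosts[dst]["ip"]).ip)
        hop = next_hop(hosts[src], dst_ip)
        if hop == "on-link":
            # The host ARPs for the remote peer directly; any device with
            # proxy ARP enabled can answer and pull the flow off the firewall.
            findings.append(f"{src} -> {dst}: peer looks on-link, "
                            "path depends on who answers ARP")
        elif hop not in fw:
            findings.append(f"{src} -> {dst}: next hop {hop} "
                            "is not a firewall interface")
    return findings

if __name__ == "__main__":
    for sw in ("switch-1", "switch-2", "switch-3"):
        result = check_pair("admin-ws", sw)
        print(sw, "OK" if not result else result)
```

An empty result means both directions are handed to the firewall; any finding marks a direction where the return path can bypass it.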