Junos Cup 2014
Highlighted
Junos Cup 2014

Tournament 3: Italy Challenge & Solution: SRX Network Address Translation #2

[ Edited ]
‎06-26-2014 07:23 AM

Country Flag: Italy

 

Author: Brad Woodberg and Linus Wang

 

Title: SRX Network Address Translation #2

 

Type: Security

 

Difficulty: Medium (1 point).

 

Technical Description: Fix a failing ping, with just two set commands at the DUT firewall.

 

Topology:

 

Italy-Topology

 

Challenge Instructions:

For this challenge, you need to start the topology called: “ITALY – SRX Network Address Translation #2”.

 

As you solve this challenge, leave the following command running from PC1:

juniper@PC1> ping 10.1.1.20

PING 10.1.1.20 (10.1.1.20): 56 data bytes

/* No reply */

 

You need to fix it by executing two set commands at the DUT firewall:

configure

set <command #1>

set <command #2>

commit

 

Your answer must meet the following conditions:

 

- You are not allowed to change, add or remove the IP address of any interface. But you CAN type IP addresses.

- The ICMP echo requests must go from PC1 to PC2, and PC2 should reply to them.

 

NOTE: If you see a license error upon commit (JNX_LICENSE_TMP), you can safely ignore it.

 

To solve this challenge submit the two set commands to be issued at the DUT firewall.

 

NOTE: If you have issues connecting to the Junosphere topology please check Junosphere Technical documentation, or request assistance in the Junosphere forum 

Send an email with your proposed solution to junos-cup@juniper.net:

  •  The subject should be “<country-name-of-the-challenge> -  <your-full-name>”. For example: “Brazil – Wolfgang Amadeus Mozart”.
  • In the email body, please include your proposed solution, along with your first and last name and complete mailing address including zip/postal code and your shirt size (S, M, L, XL, XXL, XXXL) (Only if you haven’t already submitted your address/shirt size on a previous submission)

 

Deadline to Respond: Tuesday, 1st of July 23:59:59 Pacific Daylight Time (PDT) 

Timezone Converter
Current PDT Time


Some additional notes:

  • You can try to solve and submit answers for as many active challenges as you wish
  • The answers will be read by the organization right after the deadline
  • The challenge instructions are final, and no additional information or tips will be provided before the publication of the solution and the winner list. Please don’t expect a reply from junos-cup@juniper.net.
  • If you feel that your initial solution is wrong or incomplete, you can send up to three messages for the same challenge, but please note that only your last message (received before the deadline) will be read.
  • If you think there is an error in the definition of the challenges, please send us an email with subject (“<country-name> ERROR”); if there is no reply, then it’s likely an intentional condition of the challenge, rather than an error.

 

OFFICIAL SOLUTION:

 

juniper@DUT# set security nat proxy-arp interface ge-0/0/1 address 10.1.1.20 to 10.1.1.20   

 

juniper@DUT# set security nat proxy-arp interface ge-0/0/2 address 10.2.2.2 to 10.2.2.2     

 

Julie Wider
Advocacy Manager
Twitter: @JNetCommunity & @jawider