Hi, Juniper newbie here, so hopefully it's an easy one.
I can't ping my internet gateway (.97) or 4.2.2.2 from the CLI.
I've spent 2 days on this and can't figure it out 😞
I've created permit rules for everything I can think of just to get it working, and I still can't ping.
Any help would be much appreciated.
I have interface untrust ge-0/0/0.0 set to 2XX.XX.XX.102/29
It needs to get to the internet using the gateway 2XX.XX.XX.97
The subnet mask and IPs are definitely correct.
## Last changed: 2013-02-08 16:48:56 EST
# Junos release string recorded with this configuration.
version 12.1R5.5;
# System-level settings: hostname, management services, and NTP.
system {
host-name jun01;
# Management services enabled on the device.
services {
ssh;
# NOTE(review): telnet carries logins and session data unencrypted; ssh is already enabled above.
telnet;
# NOTE(review): xnm-clear-text is the unencrypted variant of the Junos XML management service - confirm it is actually needed.
xnm-clear-text;
# Web management (J-Web), offered over both HTTP and HTTPS on the same two interfaces.
web-management {
http {
# NOTE(review): ge-0/0/0.0 is the untrust-zone interface in this configuration, so plain-HTTP management is bound to the Internet-facing side.
interface [ vlan.0 ge-0/0/0.0 ];
}
https {
# HTTPS uses the certificate the device generates for itself.
system-generated-certificate;
interface [ vlan.0 ge-0/0/0.0 ];
}
}
}
ntp {
# NOTE(review): 192.168.1.208 is not inside any subnet configured or statically routed in this file
# (172.23.168.0/23, 172.23.170.0/23), so it would presumably be reached via the default route - confirm this is intended.
server 192.168.1.208;
}
}
# Interface definitions: one routed port, one switched port, and the routed VLAN interface.
interfaces {
# Routed port; ge-0/0/0.0 is placed in the untrust zone by the security zones section of this file.
ge-0/0/0 {
unit 0 {
family inet {
# NOTE(review): the prefix is redacted as 20X.XX.XX here but as 2XX.XX.XX on the default route's next hop;
# presumably the same network. A /29 containing .102 spans .96-.103, which does include the .97 gateway.
address 20X.XX.XX.102/29;
}
}
}
# Layer 2 switched port, member of the vlan-trust VLAN.
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
# Routed VLAN interface; vlan.0 is referenced as the l3-interface of vlan-trust and sits in the trust zone.
vlan {
unit 0 {
family inet {
address 172.23.168.2/23;
}
}
}
}
# Static routing: one internal route and the default route.
routing-options {
static {
# Internal /23 reached through 172.23.168.1, which lies inside vlan.0's 172.23.168.0/23 subnet.
route 172.23.170.0/23 next-hop 172.23.168.1;
# Default route via the upstream gateway; the next hop must be on the same /29 as ge-0/0/0.0 to resolve
# (the redaction differs from the interface address, 2XX vs 20X - presumably the same prefix).
route 0.0.0.0/0 next-hop 2XX.XX.XX.97;
}
}
# Enables spanning tree with no further options set.
protocols {
stp;
}
# Security configuration: screen (IDS) options, source NAT, inter-zone policies, and zone definitions.
security {
screen {
# Screen profile that the untrust zone references below.
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
# SYN-flood thresholds and timeout as configured; units are not stated in this file.
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
# Source NAT for traffic going from the trust zone to the untrust zone.
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
# Matches every source address.
source-address 0.0.0.0/0;
}
then {
source-nat {
# Translate to the address of the egress interface.
interface;
}
}
}
}
}
}
# NOTE(review): these policies apply to traffic passing between zones. A ping issued from the device's own CLI
# is self-originated traffic and is presumably not evaluated against them, so the ICMP permit rules added while
# troubleshooting likely have no effect on that test - confirm, and consider removing them once the cause is found.
policies {
# Outbound: permits any application from any trust source to any untrust destination.
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
# Intra-zone ICMP permit for untrust.
from-zone untrust to-zone untrust {
policy untrust-to-untrust {
match {
source-address any;
destination-address any;
application junos-icmp-all;
}
then {
permit;
}
}
}
# NOTE(review): permits ICMP initiated from any untrust source toward any trust address.
# The post says permit rules were added only to get ping working - confirm this inbound rule is wanted long term.
from-zone untrust to-zone trust {
policy untrust-to-trust {
match {
source-address any;
destination-address any;
application junos-icmp-all;
}
then {
permit;
}
}
}
# Intra-zone ICMP permit for trust.
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application junos-icmp-all;
}
then {
permit;
}
}
}
}
zones {
# Trust zone: all system services and protocols destined to the device are accepted on vlan.0.
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
# Untrust zone: the untrust-screen profile is applied and the zone-level setting accepts only ping.
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
ping;
}
}
interfaces {
# NOTE(review): host-inbound-traffic set on the interface takes precedence over the zone-level setting above,
# so ge-0/0/0.0 accepts all system services and protocols rather than ping only. With "all" present the dhcp and
# tftp entries are redundant, and the telnet, xnm-clear-text and HTTP management services enabled under
# "system services" become reachable on this interface. Narrowing this list to the services actually required
# would reduce exposure.
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
all;
}
protocols {
all;
}
}
}
}
}
}
}
# VLAN definitions: vlan-trust (ID 3) with vlan.0 as its Layer 3 interface.
vlans {
vlan-trust {
vlan-id 3;
# Ties the VLAN to the routed interface that holds 172.23.168.2/23.
l3-interface vlan.0;
}
}