SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  How can I add additional networks/subnets to my SRX?

    Posted 08-01-2013 13:03

    I searched through other posts but didn't find a definitive solution.
    What I am trying to do is add different IP/subnet ranges into my SRX100H. I have a simple, single network setup now that works fine, but when I try to add in another IP range/subnet, it will not work.
    For example, I have a network setup with 10.1.1.50/28 setup now that works fine with a few test computers in that range. I have another group of computers with a 172.90.185.60/29 address range and I need them to get setup in this firewall properly, and go out to the internet, but be seperate from the 10.1.1.50 group. Is this possible? If so, how would I add this new group in? Everything I have tried so far hasn't worked.
    Before the implementation of this firewall, these two networks were going through a Cisco switch, and then into the ISPs switch with no issue. Both could talk to the internet just fine. The Cisco switch has no special configurations on it or anything. I am trying to place the Juniper SRX100H after this Cisco switch, so it would go ISP switch -> Our Cisco Switch -> Juniper SRX100H -> test computers.

    I am including the show config and show interfaces output text files. If you need any other information, I will get it for you. Thanks a ton!

    Attachment(s)

    txt
    8_1_13_show_interfaces_mod.txt   19 KB 1 version
    txt
    8_1_13_show_config_mod.txt   6 KB 1 version


  • 2.  RE: How can I add additional networks/subnets to my SRX?

    Posted 08-01-2013 13:31
    Hi,

    you need to look at vlan-tagging the external interface.
    Or use proxy ark


  • 3.  RE: How can I add additional networks/subnets to my SRX?

    Posted 08-01-2013 15:54

    Thanks for those pointer cmia. I am pretty new at this so I am not too familar with either solution. I am getting caught up to speed by reading various articles though.

    Can you give me any configuration examples, explanations, or such? 

     

    Thanks



  • 4.  RE: How can I add additional networks/subnets to my SRX?

    Posted 08-01-2013 19:26

    So when you say look at vlan-tagging the external interface, you mean on the Cisco device the Juniper is connected to?

     

    Thanks



  • 5.  RE: How can I add additional networks/subnets to my SRX?
    Best Answer

    Posted 08-02-2013 02:20

    Try this, add vlan.1 to the trust zone

     zones {

            security-zone trust {

                host-inbound-traffic {

                    system-services {

                        all;

                    }

                    protocols {

                        all;

                    }

                }

                interfaces {

                    vlan.0;

                     vlan.1;



  • 6.  RE: How can I add additional networks/subnets to my SRX?

    Posted 08-02-2013 11:47

    Thanks for the recommendation. I am going to try this solution here this afternoon. I will let you know if it works.



  • 7.  RE: How can I add additional networks/subnets to my SRX?

    Posted 08-02-2013 14:18

    That did the trick! Thanks a ton and have a great weekend. I will mark you down for the accepted solution. Take care.