SRX Services Gateway

How to configure PPPoE with SRX100 10.0R2.10 for Switzerland ISPs

‎03-25-2010 02:25 AM

hi,

we have a new srx 100 with 10.0R2.10 and PPPoE will not work.
the session is up but we can't pass traffic over this line. the same line works with an ssg-5.

here is our config. whats wrong with it?
as attachment we have a screenshot from the pppoe-session.

thanks a lot!
kevkev

--------------------------------------------------
## Last changed: 2010-03-25 09:51:38 CET
version 10.0R2.10;
## System-level settings: device identity, DNS/NTP servers, management services,
## the LAN DHCP server and syslog.
system {
    host-name firewall;
    domain-name xxxxx.xx;
    time-zone Europe/Zurich;
    root-authentication {
        ## Redacted by the poster; credential fields should always be replaced like this before a config is shared.
        encrypted-password "xxxx";
    }
    name-server {
        61.12.179.174;
        191.246.253.10;
    }
    services {
        ssh;
        ## NOTE(review): telnet sends logins in cleartext. SSH is already enabled above, so telnet can be deleted.
        telnet;
        web-management {
            ## NOTE(review): plain-HTTP J-Web on vlan.0 exposes admin credentials on the LAN segment;
            ## the https stanza below already serves the same interface.
            http {
                interface vlan.0;
            }
            https {
                ## Self-signed certificate generated by the device; browsers will not be able to verify it.
                system-generated-certificate;
                interface vlan.0;
            }
        }
        ## DHCP server for the 192.168.1.0/24 LAN; hands out .100-.199 with 192.168.1.1 as gateway.
        dhcp {
            name-server {
                61.12.179.174;
                191.246.253.10;
            }
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.100 high 192.168.1.199;
            }
            propagate-settings fe-0/0/0.0;
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        ## NOTE(review): at severity "error" this file presumably records only failed commands;
        ## a lower severity would be needed for a full CLI audit trail - confirm against the release documentation.
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ## Single NTP source with no authentication configured in this listing.
    ntp {
        server 121.132.2.21;
    }
}
## Interface layout: fe-0/0/0 is the WAN port carrying PPPoE, fe-0/0/1 to fe-0/0/7 are
## switched LAN ports in vlan-trust, and vlan.0 (192.168.1.1/24) is the LAN gateway.
interfaces {
    interface-range interfaces-trust {
        member fe-0/0/1;
        member fe-0/0/2;
        member fe-0/0/3;
        member fe-0/0/4;
        member fe-0/0/5;
        member fe-0/0/6;
        member fe-0/0/7;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ## Underlying Ethernet interface for the PPPoE session; it carries no IP address of its own.
    fe-0/0/0 {
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 127.0.0.1/32;
            }
        }
    }
    ## pp0.0 is the logical interface that actually carries IP traffic once the PPPoE session is up.
    ## NOTE(review): the security zones in this same listing name only vlan.0 and fe-0/0/0.0.
    ## An SRX interface that is not bound to a security zone does not forward traffic, which
    ## matches the symptom "session is up but no traffic". No default route via pp0.0 is shown either.
    pp0 {
        unit 0 {
            ppp-options {
                chap {
                    ## Secret and user name are redacted placeholders here; never post the real values.
                    default-chap-secret "xx-password-xx";
                    local-name "xx--username--xx";
                    ## passive: answer the ISP's CHAP challenge but do not challenge the peer.
                    passive;
                }
            }
            pppoe-options {
                underlying-interface fe-0/0/0.0;
                client;
            }
            family inet {
                ## The IP address is obtained from the ISP during PPP negotiation.
                negotiate-address;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
## NOTE(review): "public" is the well-known default community string and no client list restricts
## who may query it. Read-only access still discloses interface, routing and system details.
## Use a non-default string with a "clients" restriction, or remove SNMP if it is not used.
snmp {
    community public {
        authorization read-only;
    }
}
## Security services: IKE proposal, source NAT, screen (IDS) options, zones and policies.
security {
    ike {
        ## NOTE(review): group2 (1024-bit DH), SHA-1 and 3DES are legacy choices; prefer a larger DH
        ## group, SHA-2 and AES where the release supports them. No IKE policy or gateway in this
        ## listing references the proposal, so it appears to be unused.
        proposal phase1-kev {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm 3des-cbc;
        }
    }
    nat {
        source {
            ## Translates all trust -> untrust traffic to the address of the egress interface.
            ## It only matches traffic that leaves through an interface in the untrust zone.
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    screen {
        ## Basic packet-anomaly and SYN-flood protections, applied to the untrust zone below.
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            address-book {
                address my_net 192.168.1.0/24;
            }
            ## NOTE(review): "all" lets every enabled system service (telnet, HTTP, SNMP, ...) and
            ## every protocol reach the device from the LAN. List only the services actually needed.
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            ## NOTE(review): only the underlying fe-0/0/0.0 is listed. pp0.0, the interface that
            ## carries the IP traffic, is in no zone, so the NAT rule-set and the trust-to-untrust
            ## policy never apply to PPPoE traffic. Adding pp0.0 to this zone is the likely fix.
            interfaces {
                fe-0/0/0.0 {
                    ## NOTE(review): dhcp and tftp inbound on the Internet-facing port is unnecessary
                    ## exposure for a PPPoE setup (addressing is negotiated on pp0.0); remove both
                    ## unless they are deliberately in use.
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                    }
                }
            }
        }
    }
    policies {
        ## Outbound permit-any. No untrust -> trust policy is defined in this listing, so inbound
        ## sessions presumably fall through to the default deny - confirm the default-policy setting.
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
## vlan-trust (VLAN ID 3) is the VLAN of the switched LAN ports; vlan.0 is its routed (layer-3) interface.
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}
--------------------------------------------------


Re: How to configure PPPoE with SRX100 10.0R2.10 for Switzerland ISPs

[ Edited ]
‎03-25-2010 03:13 AM

You'll need to add a default route via pp0.0:

 

## Static default route; this statement belongs under "routing-options static".
## The route alone does not pass traffic unless pp0.0 is also a member of a security zone.
route 0.0.0.0/0 next-hop pp0.0;

Re: How to configure PPPoE with SRX100 10.0R2.10 for Switzerland ISPs

‎03-25-2010 03:59 AM

ok, thanks. this helps a lot ;)

 

but not everything is working with my config.

i'm not sure which interface has to be in the untrust zone: pp0.0, my underlying-interface, or both.

also the nat configuration is not clear. this guy does it like this:

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX210-basic-setup-using-pppoe/m-p/31249/highlight...

 

thanks,

kevkev


Re: How to configure PPPoE with SRX100 10.0R2.10 for Switzerland ISPs

‎03-29-2010 01:14 AM
Hi, please find attached a document with the step-by-step configuration of PPPoE on SRX routers; on the other end we are using ERX routers. Please feel free to get back to us if you have any questions.

Attachments


Re: How to configure PPPoE with SRX100 10.0R2.10 for Switzerland ISPs

‎03-29-2010 01:25 AM
Please find attached the source NAT configuration on "pp0".

Attachments


Re: How to configure PPPoE with SRX100 10.0R1.8 for Canada ISPs

‎05-18-2010 01:55 PM

 (ADSL Modem connected to SRX100 Gateway Router)

 

Hi all,

 

I am trying to set up the SRX100 Gateway Router with an ADSL service provider (Bell).  I can't find the option to configure the VCI and VPI parameters.

I want this router to be a PPPoE client. How can I configure the SRX100 with the VCI, VPI and bridge LLC mode parameters?

The SRX100 comes with 8 Fast Ethernet ports only. Can someone write the configuration for me?

 

The current setup is 

ADSL Modem (bridge Mode) ---->SRX100 (fe-0/0/0 interfaces).

(Modem SpeedStream 6520)

 

 I would like the router to authenticate to the ISP with the user name and password.

 

This is what I had in it before please see below. Please help anyone.

Thanks.

zee

 

root# show
## Last changed: 2010-05-18 23:12:50 UTC
version 10.0R1.8;
## PPPoE client: fe-0/0/0.0 is the underlying Ethernet interface (towards the bridged ADSL modem),
## pp0.0 is the logical PPP interface that authenticates with PAP and receives the IP address.
interfaces {
    fe-0/0/0 {
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    pp0 {
        unit 0 {
            ppp-options {
                pap {
                    local-name XXXXXXX;
                    ## NOTE(review): the $9$ format is Junos's reversible obfuscation, not a one-way hash.
                    ## A string posted publicly like this should be treated as disclosed: replace it with
                    ## a placeholder before sharing a config, and change the ISP password.
                    local-password "$9$Jz4Zrit.s4fz4sCsutTtzpBtRhvM7-V"; ## SECRET-DATA
                }
            }
            pppoe-options {
                underlying-interface fe-0/0/0.0;
                ## Wait 120 seconds before re-establishing the session after it drops.
                auto-reconnect 120;
                client;
            }
            family inet {
                ## NOTE(review): sampling presumably needs a matching forwarding-options sampling
                ## configuration, which is not shown in this excerpt - confirm it is intended.
                sampling {
                    input;
                    output;
                }
                negotiate-address;
            }
        }
    }
}
## Both the underlying interface and pp0.0 are placed in the untrust zone.
## NOTE(review): this excerpt shows no trust zone, security policies, source NAT, screen or default
## route; if they are really absent, LAN traffic will not reach the Internet. No host-inbound-traffic
## is configured here, so presumably no system service is reachable from the ISP side.
security {
    zones {
        security-zone untrust {
            interfaces {
                fe-0/0/0.0;
                pp0.0;
            }
        }
    }
}