SRX Services Gateway
Highlighted
SRX Services Gateway

Srx210 switch configuration ipv6

05.28.11   |  
‎05-28-2011 02:23 AM

Hello,

I am new to Junos and am having a problem configuring IPv6 on a srx210.

I have a Modem/Gateway Dual Stack (IPv4/IPv6) and I added SRX between the switch and the modem.

Everything seems to work in ipv4.

My ISP gives me a class / 48  [2001:7a8:145]

I've searched documentation on internet, but I can't find anything recent to Junos11
A lot of documentation about the packed mode and no the flow and about tunnel.

My actual config (the last worst), the thirtieth try

I tried the version 11.1R2.3 and (11.1R1.10) and 10.4(R3.4) and unfortunately the same result

The srx doesn't correctly switch the ipv6 stack.
I can't access Internet from LAN

The results of different Ping6

A. From srx -> local computer : Ok

On LAN (ge-0/0/1.0)
PING6(104=40+8+56 bytes) 2001:7a8:145:7::200 --> 2001:7a8:145:7::31
10 packets transmitted, 10 packets received, 0% packet loss


B. From srx -> Internet : Ok/FAIL

B1. From Lan (ge-0/0/1.0)
PING6(104=40+8+56 bytes) 2001:7a8:145:7::200 --> 2001:7a8:2:2001::e40
--- 2001:7a8:2:2001::e40 ping6 statistics ---
10 packets transmitted, 0 packets received, 100% packet loss


B2. From WAN (fe-0/0/7.0)
PING6(104=40+8+56 bytes) 2001:7a8:145:10::2 --> 2001:7a8:2:2001::e40
10 packets transmitted, 10 packets received, 0% packet loss

B3. From Lan -> Wan : Ok
PING6(104=40+8+56 bytes) 2001:7a8:145:7::200 --> 2001:7a8:145:10::2
10 packets transmitted, 10 packets received, 0% packet loss

B4. From Wan -> Lan : Ok
PING6(104=40+8+56 bytes) 2001:7a8:145:10::2 --> 2001:7a8:145:7::200
10 packets transmitted, 10 packets received, 0% packet loss


From local -> srx : FAIL
Router declared on computer 2001:7a8:145:7::200


I certainly have a configuration error but I do not see which

If someone could help me it would be perfect

Thank you in advance

Attachments

6 REPLIES
SRX Services Gateway

Re: Srx210 switch configuration ipv6

05.28.11   |  
‎05-28-2011 11:21 AM

try followin statements and check again

 

delete interfaces interface-range interfaces-trust member ge-0/0/1

commit

 

acknowledge back

regards

 

Hafiz Muhammad Farooq
JNCIE-SEC, JNCIP-SEC, JNCIS-SEC, JNCIS-FWV
JNCIS-SP, JNCIS-SA, JNCIA-JUNOS
IBM Qradar Deployment Professional

[Please mark it as Accepted Solution if it works, Kudos if you like]

SRX Services Gateway

Re: Srx210 switch configuration ipv6

05.28.11   |  
‎05-28-2011 11:06 PM

Hello

Thank you for your reply

I've executed the command (commit & reboot)

Now I can

ping computer-> srx

BUT

I can not access  the WAN

srx -> Internet FAIL

 

I am really far from understanding everything in junos config...

 

Best regards

SRX Services Gateway

Re: Srx210 switch configuration ipv6

05.29.11   |  
‎05-29-2011 05:45 AM

... now it seem a routing issue from internet gateways ( ::1 or 10.10.10.1)

 

however as a last check ... disable NAT

 

deactivate security nat source rule-set trust-to-untrust

commit

 

if it does not do the trick, do "rooback 1" and commit

 

regards

 

 

Hafiz Muhammad Farooq
JNCIE-SEC, JNCIP-SEC, JNCIS-SEC, JNCIS-FWV
JNCIS-SP, JNCIS-SA, JNCIA-JUNOS
IBM Qradar Deployment Professional

[Please mark it as Accepted Solution if it works, Kudos if you like]

SRX Services Gateway

Re: Srx210 switch configuration ipv6

05.29.11   |  
‎05-29-2011 07:42 AM

Hello,

 

Thanks for helping me.

 

I've done

deactivate security nat source rule-set trust-to-untrust

commit

And still the same problem, can't ping6 outside world... and the ipv4 stop working (perhaps it's logical).

 

I've done rollback 1 and came back to the previous config.

 

Regards

SRX Services Gateway

Re: Srx210 switch configuration ipv6

05.30.11   |  
‎05-30-2011 02:09 AM

Hello,

Do you have ipv6 enabled?

security forwarding-options family inet6 mode flow-based?

Regards,

Piotr Bratkowski

SRX Services Gateway

Re: Srx210 switch configuration ipv6

05.30.11   |  
‎05-30-2011 02:58 AM

Hello pioterbrat,

 

Of course ipv6 is enabled. I've provided complete config with the first message (just remove the password section).

 

Ipv6 was fully working before integrating Juniper.

 

Modem <-> Switch <-> Computers : Works (ipv4 & ipv6)

 

Modem <-> Srx <-> Switch <-> Computers : Error (see previous message).

 

I use ge/1 for internal Lan (srx -> switch)

and fe/7 for srx -> Modem (ipv6)

ge/0 for srx -> Modem (ipv4)

 

In previous config all was on ge/0 (v4 & v6) but not working more.

 

Before starting Junos I thought than config ipv6 was more simple (like v4, with a nice Web config)... Just a dream...

 

Regards