SRX Services Gateway
Highlighted
SRX Services Gateway

WAN to pfSense throug Juniper SRX240H

06.13.18   |  
Wednesday

Hello there!

I have a simple question for expert administrator's, but for me it's very hard.

We have this net scheme - simple view:

We have changed ISP, and new ISP gived to us two external IP addresses:

217.22.xxx.162/30 with gateway 217.22.xxx.162

62.213.yyy.86/30 with gateway 62.213.yyy.85

 

I configured Juniper as previous configuration, but configuration of ports for WAN to pfSense was missed.

This config ports:

This config static routing:

I trying different configs for ports, NAT, etc. in Juniper, but WAN on a pfSense still not working.

Which parametres on Juniper i must set up for working?

I can ping ISP GW 2 from Juniper, but i can't ping it from pfSense over WAN - this is logicalSmiley Happy

LAN works perfectly both for user stations and pfSense.

But we need external IP on pfSense for OpenVPN.

 

Tell me. please, at least in what direction to look.

Thank you.

 

2 REPLIES
SRX Services Gateway

Re: WAN to pfSense throug Juniper SRX240H

06.13.18   |  
Wednesday

Hello,


@Andrey.Azarov wrote:

We have changed ISP, and new ISP gived to us two external IP addresses:

217.22.xxx.162/30 with gateway 217.22.xxx.162

62.213.yyy.86/30 with gateway 62.213.yyy.85

 

 

 


Are these two /30 subnets:

1/ on the same port and same VLAN (tagged/untagged) ?

2/ on different ports and different VLANs (tagged/untagged) ?

3/ on same port but different VLANs (tagged) ?

If Your use case is (2) or (3),  then You can configure a VPLS instance on SRX and pass-through the SRX the 62.213.yyy.86 IP straight to pfSense.

If Your use case is (1) then the simplest way would be to address Your pfSense with private IP and statically NAT that IP to 62.213.yyy.86.

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: WAN to pfSense throug Juniper SRX240H

[ Edited ]
06.18.18   |  
yesterday

Big thank You for reply and ssory for delay of my answer.

 

I try to add port 0/0/0.0 to VLAN, but i have an IP address, which was given to this logical port - at screen is 217.22.xxx.162/30.

If i remove it and change VLAN to 100(for example), internet access was broken for all office. And i can't bind port to VLAN without remove IPv4 settings:

 

In this time no port has a binding to a special VLAN, all ports work at 1 default VLAN.

I suppose, that my option is partially 3, because i don't have separation for VLAN's, but from ISP i have one ethernet cable in 0/0/0.0 port?

And in this time i don't have a vision, how i must set up VPLS instance - i'm trying some attemps with different configs, but this still not working. 

 

P.S. Oh, maybe i must change port 0/0/0.0 to all VLAN's in trunk modes? I don't remember, but maybe i'm tried port mode is access... 

 

With best regards

Yan