vSRX
Highlighted
vSRX

error: 'interface' is not a valid interface-range or alias name

‎01-30-2020 11:04 AM

Hello Juniper Gurus,

 

Currently, I am trying to connect SRX 320 (Spoke)  to SRX 345 ( Hub), The spoke is already configured but in the Hub when I committed, it showed this message.      error: 'interface' is not a valid interface-range or alias name 

 

On the other hand, if I can get any VPN configuration template for SRX from you, I will be thankful.  

 

I found this link but it is not clear.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB32015&cat=EX_SERIES&actp=LIST&showDraft=fa...

 

I am sending the configuration of the Hub

 

set system authentication-order password
set system root-authentication encrypted-password "xxxxxx"
set system services web-management http interface fxp0.0
set system syslog file messages any any

set system processes dhcp-service traceoptions file dhcp.log
set system processes dhcp-service traceoptions flag all
set system ntp server x.x.x.x
set services flow-monitoring version9 template ipv4-test ipv4-template

set security ike traceoptions file ike.log
set security ike traceoptions flag all
deactivate security ike traceoptions
set security ike proposal ike-prop authentication-method pre-shared-keys
set security ike proposal ike-prop dh-group group2
set security ike proposal ike-prop authentication-algorithm sha1
set security ike proposal ike-prop encryption-algorithm aes-256-cbc
set security ike proposal ike-prop lifetime-seconds 3600

set security ike policy ike-pol mode aggressive
set security ike policy ike-pol proposals ike-prop
set security ike policy ike-pol pre-shared-key ascii-text "XXXXXXX"

set security ike gateway ike-gw ike-policy ike-pol
set security ike gateway ike-gw address x.x.x.x
set security ike gateway ike-gw local-identity hostname srx345-spoke-2
set security ike gateway ike-gw external-interface ge-0/0/0.0

set security ipsec proposal juniper_profile_1 protocol esp
set security ipsec proposal juniper_profile_1 authentication-algorithm hmac-sha-256-128
set security ipsec proposal juniper_profile_1 encryption-algorithm aes-256-cbc
set security ipsec proposal juniper_profile_1 lifetime-seconds 3600

set security ipsec policy juniper_profile_1 perfect-forward-secrecy keys group2
set security ipsec policy juniper_profile_1 proposals juniper_profile_1

set security ipsec vpn ipsec-vpn-s2 bind-interface st0.0
set security ipsec vpn ipsec-vpn-s2 ike gateway ike-gw
set security ipsec vpn ipsec-vpn-s2 ike ipsec-policy juniper_profile_1
set security ipsec vpn ipsec-vpn-s2 establish-tunnels immediately
set security flow tcp-mss ipsec-vpn mss 1350


set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface


set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone trust to-zone vpn policy default-permit match source-address any
set security policies from-zone trust to-zone vpn policy default-permit match destination-address any
set security policies from-zone trust to-zone vpn policy default-permit match application any
set security policies from-zone trust to-zone vpn policy default-permit then permit
set security policies from-zone vpn to-zone trust policy default-permit match source-address any
set security policies from-zone vpn to-zone trust policy default-permit match destination-address any
set security policies from-zone vpn to-zone trust policy default-permit match application any
set security policies from-zone vpn to-zone trust policy default-permit then permit


set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone untrust host-inbound-traffic system-services dhcp
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust host-inbound-traffic system-services snmp
set security zones security-zone untrust host-inbound-traffic system-services snmp-trap

set security zones security-zone untrust interfaces ge-0/0/0.0

set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces lo0.0
set security zones security-zone trust interfaces irb.10

set security zones security-zone vpn host-inbound-traffic system-services all
set security zones security-zone vpn host-inbound-traffic protocols all
set security zones security-zone vpn interfaces st0.0

set security zones security-zone test host-inbound-traffic system-services all
set security zones security-zone test host-inbound-traffic protocols all
set security zones security-zone test interfaces ge-0/0/7.0

set interfaces ge-0/0/0 description "outside connection"
set interfaces ge-0/0/0 speed 100m
deactivate interfaces ge-0/0/0 speed
set interfaces ge-0/0/0 ether-options no-auto-negotiation
set interfaces ge-0/0/0 ether-options link-mode full-duplex
deactivate interfaces ge-0/0/0 ether-options
set interfaces ge-0/0/0 unit 0 family inet dhcp-client vendor-id Juniper-srx345
set interfaces ge-0/0/1 unit 0 description "to host-3"
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/2 unit 0 description "to host-3"
set interfaces ge-0/0/2 unit 0 family inet dhcp-client
set interfaces ge-0/0/3 unit 0 description "to host-3"
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/4 unit 0 description "to host-3"
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/5 unit 0 description "to host-3"
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/6 unit 0 description "to host-3"
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/7 disable
set interfaces ge-0/0/7 unit 0 description "to host-3"
set interfaces ge-0/0/7 unit 0 family inet dhcp-client
set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members VLAN10
deactivate interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 description "to host-3"
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/9 unit 0 description "to host-3"
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/10 unit 0 description "to host-3"
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/11 unit 0 description "to host-3"
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/12 unit 0 description "to host-3"
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/13 unit 0 description "to host-3"
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/14 unit 0 description "to host-3"
set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/15 unit 0 description "to host-3"
set interfaces ge-0/0/15 unit 0 family ethernet-switching vlan members VLAN10
set interfaces fxp0 unit 0 family inet address x.x.x.x/25

set interfaces irb unit 10 family inet address x.x.x.x/27
set interfaces lo0 unit 0 family inet address x.x.x.x/32
set interfaces st0 unit 0 family inet mtu 1400
set interfaces st0 unit 0 family inet address x.x.x.x/24
set routing-options static route x.x.0.0/16 next-hop x.x.x.x
set routing-options static route x.x.0.0/16 next-hop x.x.x.x
set routing-options static route x.x.x.x/24 next-hop 10.1.10.1
set routing-options static route x.x.x.x/32 next-hop 10.1.10.1
set routing-options router-id x.x.x.x

set protocols ospf area 0.0.0.3 interface st0.0 interface-type p2p
set protocols ospf area 0.0.0.3 interface st0.0 hello-interval 20
set protocols ospf area 0.0.0.3 interface st0.0 dead-interval 300
set protocols ospf area 0.0.0.3 interface st0.0 neighbor x.x.x.x
set protocols ospf area 0.0.0.3 interface lo0.0 passive
set protocols ospf area 0.0.0.3 interface irb.10 passive
set routing-instances test instance-type virtual-router
set routing-instances test interface ge-0/0/7.0

set vlans VLAN10 vlan-id 10
set vlans VLAN10 l3-interface irb.10
=========================================

 

Lab@SRX345-HUB# commit
error: 'interface' is not a valid interface-range or alias name

 

 

3 REPLIES 3
Highlighted
vSRX
Solution
Accepted by topic author johncas
‎01-31-2020 11:09 AM

Re: error: 'interface' is not a valid interface-range or alias name

‎01-30-2020 01:27 PM

Hi John,

 

I looked at the configuration and cannot find any errors. I tried putting in random passwords and IP addresses in the set commands and did commit check on a device... and it validates.

 

 

Did you do a "delete" from the top of the configuration before loading in the set commands listed? the set commands will only merge into already existing config.

 

You should do something like this to ensure you are not merging existing configuration into your new one:

 

user@srx340> configure
Entering configuration mode

[edit]
user@srx340r# delete
This will delete the entire configuration
Delete everything under this level? [yes,no] (no) yes


[edit]
user@srx340# load set terminal
[Type ^D at a new line to end input]
<paste in all set commands here and hit ctrl + d afterwards>
load complete

[edit]

user@srx340# commit check
configuration check succeeds

[edit]
user@srx340# 

Alternately - if you have the configuration in {} style, you can do a "load override" from the top of configuration mode and then just paste configuration into your device.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
vSRX

Re: error: 'interface' is not a valid interface-range or alias name

‎01-30-2020 01:29 PM

And regarding VPN configuration, you can create your own template via the SRX VPN configurator: https://support.juniper.net/support/tools/vpnconfig/ :-)


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
vSRX

Re: error: 'interface' is not a valid interface-range or alias name

‎01-31-2020 11:24 AM

Hello,  

 

Thanks for your response, about your question really I don't remember, it is probably because I have been setting and deleting different command lines. I will be trying your configuration advice also I am going to use the SRX VPN configurator.

 

Thanks for your help.