scubablue
asked on
Juniper J Series does not route nor ping
Hello,
I just setup out Juniper J2300 series and it look OK but it doesnot route not return pings. I can only log to the web interface 192.168.1.1. I am 192.168.1.10 and cannot ping 192.168.1.1 when connected directly to hte interface
version 9.2R1.10;
system {
autoinstallation {
delete-upon-commit;
traceoptions {
level verbose;
flag {
all;
}
}
}
host-name XXXX;
root-authentication {
encrypted-password ;
}
services {
ssh;
telnet;
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
ge-0/0/1 {
unit 0 {
description "WAN";
family inet {
address xx.xx..74.155/27;
}
}
}
ge-0/0/2 {
unit 0 {
description " LAN";
family inet {
address XX.XX.246.161/28;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000;
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
http;
https;
ssh;
telnet;
dhcp;
}
}
}
ge-0/0/1.0;
ge-0/0/2.0;
lo0.0;
}
}
security-zone untrust {
screen untrust-screen;
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
default-policy {
permit-all;
}
}
alg {
dns disable;
ftp disable;
h323 disable;
mgcp disable;
msrpc disable;
sunrpc disable;
real disable;
rsh disable;
rtsp disable;
sccp disable;
sip disable;
sql disable;
talk disable;
tftp disable;
pptp disable;
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
iso {
mode packet-based;
}
}
}
flow {
allow-dns-reply;
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
no-sequence-check;
}
}
}
Thanks
I just setup out Juniper J2300 series and it look OK but it doesnot route not return pings. I can only log to the web interface 192.168.1.1. I am 192.168.1.10 and cannot ping 192.168.1.1 when connected directly to hte interface
version 9.2R1.10;
system {
autoinstallation {
delete-upon-commit;
traceoptions {
level verbose;
flag {
all;
}
}
}
host-name XXXX;
root-authentication {
encrypted-password ;
}
services {
ssh;
telnet;
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
ge-0/0/1 {
unit 0 {
description "WAN";
family inet {
address xx.xx..74.155/27;
}
}
}
ge-0/0/2 {
unit 0 {
description " LAN";
family inet {
address XX.XX.246.161/28;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000;
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
http;
https;
ssh;
telnet;
dhcp;
}
}
}
ge-0/0/1.0;
ge-0/0/2.0;
lo0.0;
}
}
security-zone untrust {
screen untrust-screen;
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
default-policy {
permit-all;
}
}
alg {
dns disable;
ftp disable;
h323 disable;
mgcp disable;
msrpc disable;
sunrpc disable;
real disable;
rsh disable;
rtsp disable;
sccp disable;
sip disable;
sql disable;
talk disable;
tftp disable;
pptp disable;
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
iso {
mode packet-based;
}
}
}
flow {
allow-dns-reply;
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
no-sequence-check;
}
}
}
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
sounds good
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
ASKER
how do I set the NAT on the 192.168.1.0/24 ge0/0/0.0 interface NAT to give it outside access?
Thanks