Solved

Juniper J Series does not route nor ping

Posted on 2010-11-17
6
1,714 Views
Last Modified: 2012-05-10
Hello,

I just setup out Juniper J2300 series and it look OK but it doesnot route not return pings. I can only log to the web interface 192.168.1.1. I am 192.168.1.10 and cannot ping 192.168.1.1 when connected directly to hte interface

version 9.2R1.10;
system {
    autoinstallation {
        delete-upon-commit;
        traceoptions {
            level verbose;
            flag {
                all;
            }
        }
    }
    host-name XXXX;
    root-authentication {
        encrypted-password ;
    }
    services {
        ssh;
        telnet;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            description "WAN";
            family inet {
                address xx.xx..74.155/27;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            description " LAN";
            family inet {
                address XX.XX.246.161/28;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 127.0.0.1/32;
            }
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;
                            dhcp;
                        }
                    }
                }
                ge-0/0/1.0;
                ge-0/0/2.0;
                lo0.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
        default-policy {
            permit-all;
        }
    }
    alg {
        dns disable;
        ftp disable;
        h323 disable;
        mgcp disable;
        msrpc disable;
        sunrpc disable;
        real disable;
        rsh disable;
        rtsp disable;
        sccp disable;
        sip disable;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
    }
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
    flow {
        allow-dns-reply;
        tcp-session {
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}

Thanks
0
Comment
Question by:scubablue
  • 2
  • 2
6 Comments
 
LVL 11

Assisted Solution

by:donmanrobb
donmanrobb earned 500 total points
ID: 34161260
You can't ping 192.168.1.1 because you have only allowed the following protocols through the interface

            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;
                            dhcp;

As for the routing you'll need to add a default route with: set routing-options static route 0/0 next-hop x.x.x.x

Also you'll need to setup NAT to get on the internet.
0
 
LVL 1

Author Comment

by:scubablue
ID: 34165692
Great, I have the non private interfaces routing,

how do I set the NAT on the 192.168.1.0/24 ge0/0/0.0 interface NAT to give it outside access?

Thanks
0
 
LVL 11

Accepted Solution

by:
donmanrobb earned 500 total points
ID: 34166832
Here is a guide that will show you how to configure NAT
http://www.juniper.net/us/en/local/pdf/app-notes/3500151-en.pdf
0
 
LVL 1

Author Comment

by:scubablue
ID: 34393356
sounds good
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 34415357
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now