?
Solved

Juniper SSG5 - no connectivity

Posted on 2011-03-19
2
Medium Priority
?
670 Views
Last Modified: 2012-05-11
Hi, im am trying to setup a new SSG5. I have been given small /29 subnett with public IP's and I can not get it to work.

I have added a default route, but i cannot reach anything outside fram the inside.
Can anyonw see if have i have done something wrong here?  The Untrust Eth0/0 has this config:
set interface ethernet0/0 ip 87.110.178.210/29

And the default route looks like this:
set route 0.0.0.0/0 interface ethernet0/0 gateway 87.110.178.209


I can not ping anything on the outside.

I also have setup a test D-Link router which is working on IP 87.110.178.214 so i know that the subnet is working.
-cfg-2-.txt
0
Comment
Question by:xcomiii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 70

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 35173237
Your config seems to be ok. Only note I have is that you have defined the same gateway twice - once for the interface, and another one in the trust-vr vrouter setup. I would only use the interface one, and allow adding the default gateway again:
set vrouter "trust-vr"
set add-default-route
unset route 0.0.0.0/0 interface ethernet0/0 gateway 87.110.178.209
exit

Open in new window

Did you check if policy 1 is hit at all? You have setup session logging, so you should see that.
And of course you checked you can reach your default gateway?!
0
 
LVL 9

Author Comment

by:xcomiii
ID: 35173847
Thanks for your reply.
I did try to remove the second gateway, but "in use" error appeared.
However, you did point me in the right direction so i decided to restore the box to default setting and start over again, this time with only one gateway.

So now it works like dream, thank you.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month15 days, 15 hours left to enroll

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question