Solved

Juniper SSG5 - no connectivity

Posted on 2011-03-19
2
669 Views
Last Modified: 2012-05-11
Hi, im am trying to setup a new SSG5. I have been given small /29 subnett with public IP's and I can not get it to work.

I have added a default route, but i cannot reach anything outside fram the inside.
Can anyonw see if have i have done something wrong here?  The Untrust Eth0/0 has this config:
set interface ethernet0/0 ip 87.110.178.210/29

And the default route looks like this:
set route 0.0.0.0/0 interface ethernet0/0 gateway 87.110.178.209


I can not ping anything on the outside.

I also have setup a test D-Link router which is working on IP 87.110.178.214 so i know that the subnet is working.
-cfg-2-.txt
0
Comment
Question by:xcomiii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 35173237
Your config seems to be ok. Only note I have is that you have defined the same gateway twice - once for the interface, and another one in the trust-vr vrouter setup. I would only use the interface one, and allow adding the default gateway again:
set vrouter "trust-vr"
set add-default-route
unset route 0.0.0.0/0 interface ethernet0/0 gateway 87.110.178.209
exit

Open in new window

Did you check if policy 1 is hit at all? You have setup session logging, so you should see that.
And of course you checked you can reach your default gateway?!
0
 
LVL 9

Author Comment

by:xcomiii
ID: 35173847
Thanks for your reply.
I did try to remove the second gateway, but "in use" error appeared.
However, you did point me in the right direction so i decided to restore the box to default setting and start over again, this time with only one gateway.

So now it works like dream, thank you.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question