Solved

Juniper SRX NOOBIE

Posted on 2011-09-29
Last Modified: 2012-06-27

I am a complete noob to JunOS and SRX so I am trying to use the J-Web interface to configure a new SRX240.  Of course I cannot figure out how to do the most basic thing.  I need to configure the outside "untrust" interface to have the IP of 1.2.3.4/30 with the gateway of 1.2.3.5.  But I cannot see where to add the gateway for the external facing interface (ge 0/0/0.0).  Thus I cannot get connectivity to the internet.  Perhaps I need to add services or protocols to the untrust zone; I have not made any changes to this zone since the initial config wizard set this up.  Any help would be great.
0
Question by:bruce8024
12 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 36890949


Under routing options,

CLI:
routing-options {
    static {
        route 0.0.0.0/0 next-hop 1.2.3.4;
    }
}

JWEB:
http://www.juniper.net/techpubs/en_US/junos11.3/topics/task/configuration/routing-policy-ex-series-j-web.html

harbor235 ;}

0
 

Author Comment

by:bruce8024
ID: 36893180
Do I need to add the external gateway for 1.2.3.4?
0
 
LVL 32

Expert Comment

by:harbor235
ID: 36893188

Substitute your gateway for 1.2.3.4; it was just an example.

harbor235 ;}
0
 

Author Comment

by:bruce8024
ID: 36893206
Ok just to be clear 1.2.3.4/32 is the IP the ISP has provisioned me, 1.2.3.5 is the gateway the ISP has given me for that IP.  Should the route be for 1.2.3.4 or 1.2.3.5?
0
 
LVL 32

Expert Comment

by:harbor235
ID: 36893207

You know, I did not even see you used that address, so you would add 1.2.4.5 as your gateway.

It must have been in my head but I did not realize it, DOH!  But that range is not your real range anyway, it was an example as well, correct?

harbor235 ;}
0
 

Author Comment

by:bruce8024
ID: 36893344
Yes these were example IPs.  For some reason I didn't want to use my actual IPs ... :)
0

 
LVL 32

Expert Comment

by:harbor235
ID: 36893362


I have configured several SRXs, let me know how it goes.

harbor235 ;}
0
 

Author Comment

by:bruce8024
ID: 36921026
Harbor, you still there?

I am trying to set up just a basic NAT and policy.  I want to NAT port 3389 from 65.x.x.115 to 192.x.x.5.  I am using J-Web again. I set up the NAT, I added the 65.x.x.115 to the untrust interface (ge/0/0/0), and I added a firewall policy that goes from untrust/any to untrust/65.x.x.115 and it allows 3389.  Am I missing something, because it won't work...
0
 
LVL 32

Expert Comment

by:harbor235
ID: 36924276


I do not use J-WEB so it is hard to say. Can you post the resulting NAT config J-WEB generated?

Here is an example of command line destination NAT:

security {
    nat {
        static {
            rule-set SERVERS {
                from zone untrust;
                rule server1 {
                    match {
                        destination-address 1.2.3.4/32;
                    }
                    then {
                        static-nat prefix 172.22.210.50/32;
                    }
                }
                rule server2 {
                    match {
                        destination-address 1.2.3.5/32;
                    }
                    then {
                        static-nat prefix 172.22.210.51/32;
                    }
                }
            }
        }
        proxy-arp {
            interface fe-0/0/0.0 {
                address {
                    1.2.3.4/32;
                    1.2.3.5/32;
                }
            }
        }
    }
}
0
 

Author Comment

by:bruce8024
ID: 36925430
Yes, this helps because I was trying to use destination NATs; I'll try using static NATs... thanks again.
0
 

Author Comment

by:bruce8024
ID: 36925440
Although, where do you designate which ports are allowed on that specific NAT?
0
 
LVL 32

Expert Comment

by:harbor235
ID: 36926566


My example is a one-to-one NAT; you can allow whatever ports through with your security policy.
Remember, this is not PAT.

harbor235 ;}
0
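The last reply's point written out as configuration, as an added example that is not part of the original thread: with a one-to-one static NAT, the security policy decides which ports reach the server, and because the SRX evaluates the policy after translation, it runs from untrust to trust and matches the private address. The names tcp-3389, server1-private, admin-net and allow-rdp-server1 and the 203.0.113.0/24 source range are assumptions; 172.22.210.50 is the translated address of server1 in the static NAT example above.

```junos
applications {
    /* hypothetical custom application for the TCP 3389 traffic asked about */
    application tcp-3389 {
        protocol tcp;
        destination-port 3389;
    }
}
security {
    zones {
        security-zone trust {
            address-book {
                /* private (post-NAT) address of server1 from the static NAT example */
                address server1-private 172.22.210.50/32;
            }
        }
        security-zone untrust {
            address-book {
                /* constructed source range; limits who may connect instead of "any" */
                address admin-net 203.0.113.0/24;
            }
        }
    }
    policies {
        /* the server sits in trust, so the policy is untrust -> trust */
        from-zone untrust to-zone trust {
            policy allow-rdp-server1 {
                match {
                    source-address admin-net;
                    /* match the translated address, not the public one */
                    destination-address server1-private;
                    application tcp-3389;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}
```

Traffic to the public address on any other port finds no matching permit in this policy and falls through to the remaining untrust-to-trust policies and the default action.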
