SRX550 cluster always ssh to secondary node
I am having an issue where I have a cluster of 2 x SRX550s and when I ssh to the fxp0 address i always get the secondary node.If i disconnect the secondary node ge-0/0/0 from a switch I can ssh to the...
View ArticleRe: SRX550 cluster always ssh to secondary node
Interesting issue.. So, irrespective of you trying to reach .248 or .249, you end up reaching the secondary node? Any chance you have an IP conflict between the FXP and ge-0/0/0 subnets?If possible,...
View ArticleRe: SRX550 cluster always ssh to secondary node
Hi Gokul,No config on Ge-0/0/0 as this became fxp0 in creating the cluster, I do have another reth interface in the same subnet for routing to other devices which is down right now. apply...
View ArticleRe: SRX550 cluster always ssh to secondary node
HI,For RG0, node0 will be the primary based on the priority and you might want to use 192.168.20.248 to access Node0. When you try to reach 192.168.20.248, is it that you end up logging into Node1? How...
View ArticleRe: Critical error of Scan Manager
Hi, Yes, that message confirms the update being done successfully. In case, such updates, please follow the steps mentioned in the KB to update it manually. If it still fails, reach out to JTAC. Glad...
View ArticleRe: SRX550 cluster always ssh to secondary node
Hi Firefly, Have you configured fxp0's IP under the general 'set interfaces' hierarchy as well?If you have fxp0 defined directly under interfaces, it'll take precedence over your node0/1 groups....
View ArticleRe: SRX550 cluster always ssh to secondary node
Both 0.248 and 0.249 access the secondary node.accessing from same subnet so no backup router config used. when I ssh to .248 or .249 it show secondary node on the prompt, my first indication was when...
View ArticleRe: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Gokul, Thanks for the clairification. I've checked the drop down and found there are few with "nopfs." Since I'm already using G2 in the proposal, which means PFS is included/enabled. Regarding the...
View ArticleRe: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Ishaik, AFAIK, there is no 'no proxy-id' - definitiely not on the Cisco boxes. If they had configured an accept-all proxy-id, then your VPN would have some up whith 0.0.0.0/0 as proxy ID.If you want...
View ArticleAccess VPN from eth0/0 Untrust
Hi, I'm relatively new to Juniper devices and need a bit of support configuring a routing policy. Our SSG-5 is acting as a VPN-Endpoint and in the past we connected devices to bgroup-0 inorder to...
View ArticleRe: Access VPN from eth0/0 Untrust
Hello Christopher, I understand that your Router will be forwarding requests for subnet 10.30.XXX.XXX to your SSG5 eth0/0 IP 192.168.53.200.This traffic then needs to be directed over the tunnel. Is...
View ArticleVIP IP Public to ip private remote server cant contacted JUNIPER SSG5
Hi guys,i have ip public 103.244.205.25and then i have ip local : 10.173.1.0/24and this ip remote : 192.168.2.30 between local and remote ip each can ping via ipsec connection. but when i configuring...
View ArticleRe: VIP IP Public to ip private remote server cant contacted
Hi,Can you share your VIP configuration, also are you using “server auto detection” ?Thanks and RegardsVikas Singh
View Articlenetscreen domain name for an ip addr
Hi All,Could you please let me know is there any option in SSG to configure domain name-ip address mapping, so that i can ping some mapped servers using the domain name ? I have seen an option to call...
View Articlel2tp site to site between two SSG
Hello, I am trying to make a l2tp tunnel between two Juniper SSG 320M, using one SSG like server and the other like client but I cannot do that the tunnel works, Do you have any suggestion or guide of...
View ArticleRe: l2tp site to site between two SSG
all of the kb for l2tp that I see assume you are using this as a remote access method from a client computer. Seems possible it is not tested for site to site use.
View ArticleRe: netscreen domain name for an ip addr
In the web interface Network > DNS > CacheCreate a static entry with the name and ip address you want
View ArticleRe: netscreen domain name for an ip addr
Thank you so much, i will check and update you.
View Article