Bootloader 1.3.2 for SSG-5 boot loop. No have Initialization.
Hi! I have a problem with SSG5. It reboots in a circle. Reset button does not work.Message "Initialization - Done" not appears. Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum:...
View ArticleRe: Bootloader 1.3.2 for SSG-5 boot loop. No have Initialization.
So you don't get the rest of the output listed here where the test passes and initialization completes? NetScreen NS-5XT Boot Loader Version 2.0.0 (Checksum: A1B6FF9B)Copyright (c) 1997-2003 NetScreen...
View ArticleRe: Bootloader 1.3.2 for SSG-5 boot loop. No have Initialization.
Last message: Total physical memory: 256MB Test - Pass then reboot again.
View ArticleRe: Bootloader 1.3.2 for SSG-5 boot loop. No have Initialization.
That's what I thought you were saying. So the memory test passes and something else in the hardware test fails. Unfortunately, on the SSG5 the memory is the only user replacable part. If you have...
View ArticleRe: Apple iPhone/iPad VPN to ScreenOS - now possible!
Hi Chris, In general, you should check your policy and see if your client is allowed to reach DNS server through DNS protocol. I assume that your DNS is located within corporate network, so check your...
View ArticleSite to Site VPN Nat Source Traffic
I'm trying to setup a vpn from a 5GT running 5.x code to a Cisco ASA. The 5GT has an internal network of 10.1.1.0/24 and needs access to 2 subnets behind the ASA( 172.25.101.0/24 and 172.25.102.0/24)....
View ArticleRe: Site to Site VPN Nat Source Traffic
Hi, Please check KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB10923&actp=METADATA for one to one mapping of subnet. You need to configure MIP on the tunnel interface and also...
View ArticleRe: Site to Site VPN Nat Source Traffic
Ok thanks. So something like this: set interface "tunnel.2" mip 10.0.2.0 host 10.0.1.0 netmask 255.255.255.0vr "trust-vr"set policy from "Untrust" to "Trust" "172.25.102.0/24" "MIP(10.0.2.0/24)" "ANY"...
View ArticleRe: Site to Site VPN Nat Source Traffic
Hi, You have one subnet 10.1.1.0/24 behind 5GT which already exists on some other site. So you need to source your all the traffic from different subnet. e.g. 10.0.2.0/24 Below will Source NAT the...
View Articlehow to filter debug ike all
Hi,Is there a way to filter debug ike all and have only the negotiation for VPN peer i need?I tried set sa-filter ip_address_of_VPN_peer but i still see the IP addresses of other VPN peers in the dbuf...
View ArticleRe: Site to Site VPN Nat Source Traffic
Thanks for the help on this. So I was able to get it going somewhat. I disabled the old tunel for now and built a route-based tunnel and added this: set interface tunnel.4 ip unnumbered interface...
View ArticleRe: how to filter debug ike all
Hello, The command you have used is correct. Usually we might see some outputs for a peer IP 0.0.0.0 which you can ignore. If you are seeing a VPN peer IP for which you have not set the filter, can you...
View ArticleRe: Bootloader 1.3.2 for SSG-5 boot loop. No have Initialization.
Hello, What is the status of the power LED ? Does this goamber or red ? or is it green ? If power LED is red, then try changing any other power adapter. If power is ok, you might need toget a...
View ArticleRe: Site to Site VPN Nat Source Traffic
Hello, I suspect that the other 172.27.175.0/24 is taking precedence here. I would suggest to do a debug flow basic with proper filters set to see how the traffic does route / policy lookup while being...
View ArticleRe: Site to Site VPN Nat Source Traffic
Please check your policies, any policy which is allowing the traffic from 10.1.1.0/24 to 172.x.x.x subnet should come after the MIP policy not before. Thanks,Vikas
View ArticleClik here to view.
Re: how to filter debug ike all
Hi,I prepared the debug ike all and show the sa-filter in place. The dbuf is cleared before running the debugEven the filter is set to ip ending in 137.76 we see multiple ips from other VPN peers for...
View ArticleRe: how to filter debug ike all
Hello, The only difference I see between the official documentation and your setup is that you have debug ike all instead of debug ike detail. Can you check by doing only debug ike detail if the...
View ArticleClik here to view.
Re: how to filter debug ike all
Hello,Is this seen on only this firewall or are you seeing this on other firewalls as well ?RegardsVatsa
View ArticleRe: general question about destination nat on ScreenOS FW
thank you very much, much appreciated
View Article