Re: Trying to create a VPN Tunnel between 2 SSG devices, but I'm not even...
Debugs from herehttps://kb.juniper.net/InfoCenter/index?page=content&id=KB23844#vpn
View ArticleTunnel created but can't ping other sides
We're trying to implement a satellite office installation that currently has an SSG-140. The tunnel is alive to our main device, an SSG-320, but for some reason no traffic can pass in either direction....
View ArticleRe: Trying to create a VPN Tunnel between 2 SSG devices, but I'm not even...
Due to other conditions we've moved to static IPs now, but this has created a new issue. Which I've created a new post for. Thanks again.
View ArticleRe: Tunnel created but can't ping other sides
Can you run "debug flow basic" on both sides at the same time? This will show how the traffic is being processed. https://kb.juniper.net/InfoCenter/index?page=content&id=KB23844#basicdebug
View ArticleRe: Tunnel created but can't ping other sides
OK, I ran the debug on both sides, simultaneously. Our main site (192.168.1.1/24) recorded absolutely nothing to the other IP (172.16.10.1/24). However from the satellite side (172.16.10.1/24) I...
View ArticleRe: Tunnel created but can't ping other sides
What flow filters did you set? You have to set the flow filter for a specific host source/destination.
View ArticleRe: Tunnel created but can't ping other sides
I used the following on both sides:set ffilter src-ip 192.168.1.1 dst-ip 172.16.10.1set ffilter src-ip 172.16.10.1 dst-ip 192.168.1.1
View ArticleRe: Tunnel created but can't ping other sides
Try running the debug again and specify the source interface when you ping. ping 172.16.10.1 from <interface 192.168.1.1> For example, if 192.168.1.1 is assigned to eth0/1,ping 172.16.10.1 from...
View ArticleClik here to view.
Unable to ping from SSG140 to external network
Hello,I am having some difficulties on our newly setup firewall. We have 2 zones configured; Untrust>going to our external network nad Trust>going to our LAN network. For this setup we will allow...
View ArticleRe: Unable to ping from SSG140 to external network
Are you trying to nat the traffic? set interface ethernet0/2 nat If not, change this toset interface ethernet0/2 route If yes, move this to the trust interface. Note that this changes all the subnet...
View ArticleSSG 550 in a rolling crash / reboot after bootload and firmware upgrade
I have an SSG 500 with 256 MB (I mention this since the crash mentions memory allocation issues) that was running ScreenOS 6.1. We wanted to upgrade this server to the latest bootload and firmware. We...
View ArticleRe: SSG 550 in a rolling crash / reboot after bootload and firmware upgrade
This looks like a hardware issue. I would recommend opening a JTAC case for an RMA.
View ArticleRe: Tunnel created but can't ping other sides
I repeated the process with the added "from eth0/x", but there wasn't any difference. From SSG320 - 192.168.1.0fw1.hq-> ping 172.16.10.1 from eth0/3Type escape sequence to abortSending 5, 100-byte...
View ArticleRe: SSG 550 in a rolling crash / reboot after bootload and firmware upgrade
Hi. Thanks for the reply. What confuses me is that the unit seemed to be working OK before the 6.3 firmware upgrade. It hasn't been used in a while, but 6.1 was working ok, after bootloader upgrade it...
View ArticleRe: Tunnel created but can't ping other sides
That's odd that the debuf stream would be blank. Even if it was dropping the traffic it should still show there. Can you provide the output of "get tech" from both devices?
View ArticleRe: Tunnel created but can't ping other sides
Both devices "get tech" results. Edited to remove more of the sensitive info.
View ArticleRe: Tunnel created but can't ping other sides
Try running the debug again, but this time use the following ping commands. SSG-140:ping 192.168.1.1 from bg0 SSG-320:ping 172.16.10.1 from eth0/0 This will specify the source IP addresses as your...
View ArticleRe: Tunnel created but can't ping other sides
Hi, From SSG140 - 172.16.10.0SSG140-> ping 192.168.1.1 from eth0/2 Where Eth0/2 has the IP 70.66.178.165/22 as per the config : set interface ethernet0/2 ip 70.66.178.165/22 . The ping will pick...
View ArticleRe: Tunnel created but can't ping other sides
Reconfigured the ping test, at least we have actual output this time, from both interfaces.
View ArticleRe: Tunnel created but can't ping other sides
You have a routing issue. set route source 192.168.1.0/24 interface ethernet0/3 gateway 68.179.20.150 preference 50set route source 192.168.1.0/24 interface ethernet0/2 gateway 184.69.6.121 preference...
View Article