VPN Phase-1 issues between a Juniper ISG-1000 and a Virtual Palo Alto.
Folks, We are working on a VPN tunnel establishment from a Juniper firewall to a Palo Alto Firewall. The Juniper Firewall gives us the below error: “Rejected an IKE packet on ethernet1/2 from...
Re: Multiple Ethernet adapters (mac addresses) and one reserved ip address
You really cannot do this with DHCP reservation. These are limited to one mac address per reservation. And there is no graceful way to have two active interfaces with the same mac address. That is why...
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
Do you have proxy arp setup for 212.24.24.45 on the eth4 interface?
Re: VPN Phase-1 issues between a Juniper ISG-1000 and a Virtual Palo Alto.
Typically this is an error on the gateway configuration on the ISG side. Confirm that the PA gateway address w.x.y.z is correct and that this gateway object is associated with the external interface...
Re: VPN Phase-1 issues between a Juniper ISG-1000 and a Virtual Palo Alto.
Yes, the Palo Alto gateway is correct and the external interface also has the correct IP. The only notable difference here was that this Palo Alto is a Virtual device in AWS so that means the Untrust...
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
I did try that and forgot to post the issue I was having. Since I am using an archaic 204 device (Version: 5.4.0r28a.0 (Firewall+VPN)), the following command does not work. I just need eth4 in the...
Re: VPN Phase-1 issues between a Juniper ISG-1000 and a Virtual Palo Alto.
This usually indicates that the interface configured in the gateway does not match the interface that the traffic is received on. Please verify that your interface in P1 is set to eth1/2.
VPN client receives incorrect subnet mask
Hi! I configured my vpn connection to the SSG5 device according to this: https://www.shrew.net/support/Howto_Juniper_SSG The connection works with one small problem - my client obtains 255.255.255.255...
Re: VPN Phase-1 issues between a Juniper ISG-1000 and a Virtual Palo Alto.
Yes, it is the case.
Re: VPN Phase-1 issues between a Juniper ISG-1000 and a Virtual Palo Alto.
Is the VPN configured in the aggressive mode? What is the IKE mode config on the netscreen, please remove the PSK etc while updating here. Thanks, Vikas
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
I found the 5.4 documentation here: https://www.juniper.net/documentation/software/screenos/screenos5.4.0/ For the proxy arp it looks like the screenOS 5.4 command is this. set arp always-on-dest For the...
Re: VPN Phase-1 issues between a Juniper ISG-1000 and a Virtual Palo Alto.
the Untrust interface of the Palo Alto sits behind a NAT. Do you have nat-t selected on the ISG side vpn?
Re: VPN client receives incorrect subnet mask
What size pool did you create for the client connections? I think the mask will come from there.
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
Steve, Thanks again for the help but I am now a little confused. Are you saying that I should change it back to this below and then run the arp command? Will this only impact the 192.168.0.45 address...
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
As you follow down the setup for PBR nothing will include the public ip address. The binding will be to the ingress interface eth1, the next hop will be the egress interface eth4. 1-extended ACL is just...
Re: New release of NSSA - The Netscreen Session Analyzer
Can somebody please provide a copy? Please and thank you.
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
Steve, thanks for the response. I have added the PBR as instructed and I also enabled ARP but I am still getting the same results. I added all of the details below so hopefully we can get this...
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
We seem close now. The inbound traffic is showing replies but the outbound is not yet. I would make these two changes: Add the next hop to the source routing option: Source Routing Network Source...
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
Steve, we have always been able to receive to the mail server using the proper public IP, the issue is still the same where the outgoing packets show bytes sent but nothing for bytes received. I did...
Re: Translated Source Address Using Default Gateway Not Alternate Public IP
Sorry for the confusion, in addition to the deletion which you have done. I am suggesting adding the ip address of your default gateway on the service on eth4 to the screen displayed. So not just the...