SRX

Hi,

I have checked everything before posting this question (unlike my last one which I apologise for)....

I am trying to enable SSH access to an SRX1500. I have no use for the trust zone as I have created 4 x routing-instances..... This may be a trust zone issue but am unsure....

I am entering via an instance named "netopstest2". I have configured the following:

set system services ssh

set security address-book global address netopstest2-network 192.168.10.0/24

set security address-book global address-set Cust-to-dmz-bidirectional address netopstest2-network

set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match source-address any
set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match destination-address any
set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match application any
set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 then permit
set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match source-address any
set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match destination-address any
set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match application any
set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 then permit

set security zones security-zone netopstest2 host-inbound-traffic system-services all
set security zones security-zone netopstest2 host-inbound-traffic protocols all
set security zones security-zone netopstest2 interfaces ge-0/0/8.0 host-inbound-traffic system-services ssh
set security zones security-zone netopstest2 interfaces lt-0/0/0.9

set interfaces ge-0/0/8 unit 0 family inet address 192.168.10.210/24
set interfaces ge-0/0/8 unit 0 family iso

set routing-instances netopstest2 instance-type virtual-router
set routing-instances netopstest2 interface lt-0/0/0.9
set routing-instances netopstest2 interface ge-0/0/8.0
set routing-instances netopstest2 interface lo0.50
set routing-instances netopstest2 protocols isis export export_statics
set routing-instances netopstest2 protocols isis level 1 authentication-key "$9$KZDvxd2gJDHmaZmTF/0OSrevX7dbs4JG"
set routing-instances netopstest2 protocols isis level 1 authentication-type md5
set routing-instances netopstest2 protocols isis level 2 authentication-key "$9$g54UHf5F/A0z30Ihr8Lbs24GDHqmTFn"
set routing-instances netopstest2 protocols isis level 2 authentication-type md5
set routing-instances netopstest2 protocols isis interface lt-0/0/0.9
set routing-instances netopstest2 protocols isis interface ge-0/0/8.0
set routing-instances netopstest2 protocols isis interface lo0.50

Any ideas why I cannot get SSH access please?

Thanks

Hi,

Problem resolved. Added SSH to a secondary routing-instance that does not appear to be required for incomming traffic and therefore should not have need the SSH command, and it started working.

Thank you.

I know this issue shows as resolved, and it is on the directly connected SRX, but I cannot connect to the remote SRX at all via SSH. I get the "Server unexpectedly closed network connection" error.

The connectivity is as follows:

192.168.10.0/24 Network --> direct to port ge-0/0/8 on SRX1 --> netopstest2 Zone --> Customer zone (ae2 interface) --> core1 --> core2 --> SRX2 Customer-network zone --> ssh

As far as I can see, the only incomming interface is ae2 for the customer-network on SRX2.... I have allowed through the 192.168.10.0/24 network via a "customer-network --> customer-network" policy of "any any any permit".

I can ping the interface from the netopstest2 routing-instance on SRX1 and can also traceroute to it. I have enabled ssh and also the customer-networks zone has system-services all and applications all, associated with it.....

I'm kind of stuck as the configurations look the same....