SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  HTTP and SSH Issue

     
    Posted 02-28-2018 06:31

    Hi,

     

    Sorry for disturbing you guys again with what may be an easily resolved issue.... I have checked everything I can with regard to this issue and am now at a loss (with no ability to Wireshark):

    As I am using separate VRs and Tunnels, it may be better to simply post the whole config minus the sections that are not really relevant:

    set system services ftp
    set system services ssh root-login deny
    set system services ssh connection-limit 3
    set system services web-management http
    set system services web-management https system-generated-certificate
    set system services web-management https interface fxp0.0
    set system syslog file interactive-commands interactive-commands any
    set system max-configurations-on-flash 5
    set chassis aggregated-devices ethernet device-count 2
    set security log mode stream
    set security log report
    set security address-book global address hexradiusbtb 195.80.10.73/32
    set security address-book global address thwradiusbtb 195.80.10.69/32
    set security address-book global address thw-lns-01 195.80.10.13/32
    set security address-book global address thw-radius-01 195.80.10.38/32
    set security address-book global address monitor-server 192.168.50.201/32
    set security address-book global address monitor-server-nic2 195.80.10.9/32
    set security address-book global address hex-radius-02 195.80.10.54/32
    set security address-book global address thw-dns-server 195.80.10.85/32
    set security address-book global address thw-dns-anycast1 195.80.10.81/32
    set security address-book global address thw-dns-anycast2 195.80.10.82/32
    set security address-book global address netopstest2-network 192.168.50.0/24
    set security address-book global address-set Cust-to-dmz-bidirectional address thw-lns-01
    set security address-book global address-set Cust-to-dmz-bidirectional address thw-radius-01
    set security address-book global address-set Cust-to-dmz-bidirectional address monitor-server
    set security address-book global address-set Cust-to-dmz-bidirectional address monitor-server-nic2
    set security address-book global address-set Cust-to-dmz-bidirectional address netopstest2-network
    set security forwarding-options family inet6 mode flow-based
    set security forwarding-options family iso mode packet-based
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match source-address Cust-to-dmz-bidirectional
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match destination-address Cust-to-dmz-bidirectional
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-ntp
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-pingv6
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-ping
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-dns-tcp
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-dns-udp
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application RADIUS
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-ssh
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-http
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve match application junos-https
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve then permit
    set security policies from-zone Customer-Network to-zone ninegroup-radius policy Steve then log session-init
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match source-address Cust-to-dmz-bidirectional
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match destination-address Cust-to-dmz-bidirectional
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-ntp
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-pingv6
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-ping
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-dns-tcp
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-dns-udp
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application RADIUS
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-ssh
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-http
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 match application junos-https
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 then permit
    set security policies from-zone ninegroup-radius to-zone Customer-Network policy Steve1 then log session-init
    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match source-address any
    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match destination-address any
    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match application any
    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve then permit
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match source-address Cust-to-dmz-bidirectional
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match destination-address Cust-to-dmz-bidirectional
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-ntp
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-pingv6
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-ping
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-dns-tcp
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-dns-udp
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application RADIUS
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-ssh
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-http
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-https
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 then permit
    set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 then log session-init
    set security policies from-zone Customer-Network to-zone NineGroup-BTB policy radiusbtb match source-address hexradiusbtb
    set security policies from-zone Customer-Network to-zone NineGroup-BTB policy radiusbtb match destination-address thwradiusbtb
    set security policies from-zone Customer-Network to-zone NineGroup-BTB policy radiusbtb match application junos-icmp-all
    set security policies from-zone Customer-Network to-zone NineGroup-BTB policy radiusbtb then permit
    set security policies from-zone NineGroup-BTB to-zone Customer-Network policy radiusbtb1 match source-address thwradiusbtb
    set security policies from-zone NineGroup-BTB to-zone Customer-Network policy radiusbtb1 match destination-address hexradiusbtb
    set security policies from-zone NineGroup-BTB to-zone Customer-Network policy radiusbtb1 match application junos-icmp-all
    set security policies from-zone NineGroup-BTB to-zone Customer-Network policy radiusbtb1 then permit
    set security policies from-zone NineGroup-BTB to-zone NineGroup-BTB policy radiusbtb1 match source-address any
    set security policies from-zone NineGroup-BTB to-zone NineGroup-BTB policy radiusbtb1 match destination-address any
    set security policies from-zone NineGroup-BTB to-zone NineGroup-BTB policy radiusbtb1 match application any
    set security policies from-zone NineGroup-BTB to-zone NineGroup-BTB policy radiusbtb1 then permit
    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest match source-address any
    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest match destination-address any
    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest match application any
    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest then permit
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match source-address any
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match destination-address any
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match application any
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 then permit
    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match source-address any
    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match destination-address any
    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match application any
    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 then permit
    set security policies from-zone ninegroup-dns to-zone Customer-Network policy thw-ninegroupdns match source-address any
    set security policies from-zone ninegroup-dns to-zone Customer-Network policy thw-ninegroupdns match destination-address any
    set security policies from-zone ninegroup-dns to-zone Customer-Network policy thw-ninegroupdns match application any
    set security policies from-zone ninegroup-dns to-zone Customer-Network policy thw-ninegroupdns then permit
    set security policies from-zone Customer-Network to-zone ninegroup-dns policy thw-ninegroupdns-1 match source-address any
    set security policies from-zone Customer-Network to-zone ninegroup-dns policy thw-ninegroupdns-1 match destination-address any
    set security policies from-zone Customer-Network to-zone ninegroup-dns policy thw-ninegroupdns-1 match application any
    set security policies from-zone Customer-Network to-zone ninegroup-dns policy thw-ninegroupdns-1 then permit
    set security policies from-zone ninegroup-dns to-zone ninegroup-dns policy thw-ninegroupdns match source-address any
    set security policies from-zone ninegroup-dns to-zone ninegroup-dns policy thw-ninegroupdns match destination-address any
    set security policies from-zone ninegroup-dns to-zone ninegroup-dns policy thw-ninegroupdns match application any
    set security policies from-zone ninegroup-dns to-zone ninegroup-dns policy thw-ninegroupdns then permit
    set security zones security-zone ninegroup-radius host-inbound-traffic system-services all
    set security zones security-zone ninegroup-radius host-inbound-traffic protocols all
    set security zones security-zone ninegroup-radius interfaces ge-0/0/2.0
    set security zones security-zone ninegroup-radius interfaces lt-0/0/0.1
    set security zones security-zone ninegroup-radius interfaces lt-0/0/0.8
    set security zones security-zone Customer-Network host-inbound-traffic system-services all
    set security zones security-zone Customer-Network host-inbound-traffic protocols all
    set security zones security-zone Customer-Network interfaces lt-0/0/0.2
    set security zones security-zone Customer-Network interfaces ae2.0
    set security zones security-zone Customer-Network interfaces lt-0/0/0.4
    set security zones security-zone Customer-Network interfaces lt-0/0/0.6
    set security zones security-zone Customer-Network interfaces lt-0/0/0.10
    set security zones security-zone NineGroup-BTB host-inbound-traffic system-services all
    set security zones security-zone NineGroup-BTB host-inbound-traffic protocols all
    set security zones security-zone NineGroup-BTB interfaces lt-0/0/0.3
    set security zones security-zone NineGroup-BTB interfaces ge-0/0/4.0
    set security zones security-zone ninegroup-dns host-inbound-traffic system-services all
    set security zones security-zone ninegroup-dns host-inbound-traffic protocols all
    set security zones security-zone ninegroup-dns interfaces lt-0/0/0.5
    set security zones security-zone ninegroup-dns interfaces lt-0/0/0.7
    set security zones security-zone ninegroup-dns interfaces ge-0/0/6.0
    set security zones security-zone netopstest2 host-inbound-traffic system-services all
    set security zones security-zone netopstest2 host-inbound-traffic protocols all
    set security zones security-zone netopstest2 interfaces ge-0/0/8.0
    set security zones security-zone netopstest2 interfaces lt-0/0/0.9
    set interfaces ge-0/0/0 unit 0 family inet dhcp-client update-server
    set interfaces lt-0/0/0 unit 1 encapsulation ethernet
    set interfaces lt-0/0/0 unit 1 peer-unit 2
    set interfaces lt-0/0/0 unit 1 family inet address 20.20.20.1/30
    set interfaces lt-0/0/0 unit 1 family iso
    set interfaces lt-0/0/0 unit 2 encapsulation ethernet
    set interfaces lt-0/0/0 unit 2 peer-unit 1
    set interfaces lt-0/0/0 unit 2 family inet address 20.20.20.2/30
    set interfaces lt-0/0/0 unit 2 family iso
    set interfaces lt-0/0/0 unit 3 encapsulation ethernet
    set interfaces lt-0/0/0 unit 3 peer-unit 4
    set interfaces lt-0/0/0 unit 3 family inet address 30.30.30.1/30
    set interfaces lt-0/0/0 unit 3 family iso
    set interfaces lt-0/0/0 unit 4 encapsulation ethernet
    set interfaces lt-0/0/0 unit 4 peer-unit 3
    set interfaces lt-0/0/0 unit 4 family inet address 30.30.30.2/30
    set interfaces lt-0/0/0 unit 4 family iso
    set interfaces lt-0/0/0 unit 5 description to-customer-vr
    set interfaces lt-0/0/0 unit 5 encapsulation ethernet
    set interfaces lt-0/0/0 unit 5 peer-unit 6
    set interfaces lt-0/0/0 unit 5 family inet address 40.40.40.1/30
    set interfaces lt-0/0/0 unit 5 family iso
    set interfaces lt-0/0/0 unit 6 description to-ninegroup-dns
    set interfaces lt-0/0/0 unit 6 encapsulation ethernet
    set interfaces lt-0/0/0 unit 6 peer-unit 5
    set interfaces lt-0/0/0 unit 6 family inet address 40.40.40.2/30
    set interfaces lt-0/0/0 unit 6 family iso
    set interfaces lt-0/0/0 unit 7 description to-ninegroup-radius
    set interfaces lt-0/0/0 unit 7 encapsulation ethernet
    set interfaces lt-0/0/0 unit 7 peer-unit 8
    set interfaces lt-0/0/0 unit 7 family inet address 60.60.60.1/30
    set interfaces lt-0/0/0 unit 7 family iso
    set interfaces lt-0/0/0 unit 8 description to-ninegroup-dns
    set interfaces lt-0/0/0 unit 8 encapsulation ethernet
    set interfaces lt-0/0/0 unit 8 peer-unit 7
    set interfaces lt-0/0/0 unit 8 family inet address 60.60.60.2/30
    set interfaces lt-0/0/0 unit 8 family iso
    set interfaces lt-0/0/0 unit 9 description to-customer-vr
    set interfaces lt-0/0/0 unit 9 encapsulation ethernet
    set interfaces lt-0/0/0 unit 9 peer-unit 10
    set interfaces lt-0/0/0 unit 9 family inet address 65.65.65.1/30
    set interfaces lt-0/0/0 unit 9 family iso
    set interfaces lt-0/0/0 unit 10 description to-netopstest-network
    set interfaces lt-0/0/0 unit 10 encapsulation ethernet
    set interfaces lt-0/0/0 unit 10 peer-unit 9
    set interfaces lt-0/0/0 unit 10 family inet address 65.65.65.2/30
    set interfaces lt-0/0/0 unit 10 family iso
    set interfaces ge-0/0/2 unit 0 description To-RADIUS-Server
    set interfaces ge-0/0/2 unit 0 family inet address 195.80.0.37/30
    set interfaces ge-0/0/2 unit 0 family iso
    set interfaces ge-0/0/2 unit 0 family inet6 address xxxx
    set interfaces ge-0/0/3 unit 0 family inet
    set interfaces ge-0/0/4 unit 0 description To-RADIUSBTB-Server
    set interfaces ge-0/0/4 unit 0 family inet address 195.80.10.70/30
    set interfaces ge-0/0/4 unit 0 family iso
    set interfaces ge-0/0/4 unit 0 family inet6 address xxxx
    set interfaces ge-0/0/6 unit 0 description To-DNS-Server
    set interfaces ge-0/0/6 unit 0 family inet address 195.80.10.86/30
    set interfaces ge-0/0/6 unit 0 family iso
    set interfaces ge-0/0/6 unit 0 family inet6 address xxxx
    set interfaces ge-0/0/8 unit 0 description to-netopstest2-network
    set interfaces ge-0/0/8 unit 0 family inet address 192.168.50.210/24
    set interfaces ge-0/0/8 unit 0 family iso
    set interfaces xe-0/0/16 description Group-ae2
    set interfaces xe-0/0/16 gigether-options 802.3ad ae2
    set interfaces xe-0/0/17 unit 0 family inet
    set interfaces xe-0/0/18 description Group-ae2
    set interfaces xe-0/0/18 gigether-options 802.3ad ae2
    set interfaces ae2 unit 0 description TO-THW-CORE-01-ae2
    set interfaces ae2 unit 0 family inet address 195.80.10.18/30
    set interfaces ae2 unit 0 family iso
    set interfaces ae2 unit 0 family inet6 address xxxx
    set interfaces fxp0 unit 0 family inet address 185.89.120.8/24
    set interfaces lo0 unit 0 family inet address 195.80.10.3/32
    set interfaces lo0 unit 0 family iso address 49.0001.1950.0080.0014.00
    set interfaces lo0 unit 0 family inet6 address xxxx
    set interfaces lo0 unit 10 family iso address 49.0001.1950.0080.0114.00
    set interfaces lo0 unit 20 family iso address 49.0001.1950.0080.0224.00
    set interfaces lo0 unit 30 family iso address 49.0001.1950.0080.0334.00
    set interfaces lo0 unit 40 family iso address 49.0001.1950.0080.0444.00
    set interfaces lo0 unit 50 family iso address 49.0001.1950.0080.0554.00
    set snmp v3 usm local-engine user test authentication-md5 authentication-key "$9$Q9A.3CtRhSKvLREyKMWx7VwYg4Zkqfzn/wYFnCA0O7-dw4aJGDjk.JZ69tpB1VwsgGDq.5T36.mEcrlLXHq.5n/AtOIRSCABEyr8LDiHq5Q6/tRcy.P39pu1Idbw2gJHqmzF/go369CB1X7NdYgGUHPfz-V5QF6At7-dwYoji.Q36kqQn/Cu08Xx-ds"
    set snmp v3 usm local-engine user test privacy-aes128 privacy-key "$9$EbNSKM-Vw4oG-ds4aJDjqmfTQnpu1hylmfcyKvLXjHkmQF369Cp03nreMWx7qmPT69u0IRSr0OdbY2GUtu0IylvMXN-wKvxdsYZG9AtuIErlM-bs0BSeW87Nk.m5T3tuOhclTzSreKx7UjikfT6/tB1hHqIEcrvMjHkmfzCA0ESrpuEylK8LZUDHkP"
    set snmp v3 vacm security-to-group security-model usm security-name test group snmpgroup
    set snmp v3 vacm access group snmpgroup default-context-prefix security-model usm security-level authentication read-view allmibs
    set snmp engine-id use-default-ip-address
    set snmp view allmibs oid .1.3.6.1 include
    set snmp view allmibs oid .1 include
    set routing-options static route 195.80.10.69/32 next-hop 195.80.0.70
    set routing-options static route 195.80.10.9/32 next-hop 195.80.0.10
    set routing-options static route 192.168.50.0/24 next-hop 192.168.50.210
    set routing-options static route 195.80.10.38/32 next-hop 195.80.0.37
    set routing-options static route 195.80.10.85/32 next-hop 195.80.0.86
    set protocols isis level 1 authentication-key "$9$xNR7wgGUHm5FikF/A0hcM8X7bsgoJDHq"
    set protocols isis level 1 authentication-type md5
    set protocols isis level 2 authentication-key "$9$ynUrWxbwgJUH24Hm5FAtRhSrM8xNdsgo"
    set protocols isis level 2 authentication-type md5
    set protocols isis interface lo0.0
    set policy-options policy-statement From_Customer_To_Nine from instance Customer-VR
    set policy-options policy-statement From_Customer_To_Nine from protocol direct
    set policy-options policy-statement From_Customer_To_Nine then accept
    set policy-options policy-statement From_Nine_To_Customer from instance ninegroup-radius
    set policy-options policy-statement From_Nine_To_Customer from protocol direct
    set policy-options policy-statement From_Nine_To_Customer then accept
    set policy-options policy-statement export_statics term 1 from protocol static
    set policy-options policy-statement export_statics term 1 then accept
    set policy-options policy-statement from_hexradius_to_thwradius from instance Customer-VR
    set policy-options policy-statement from_hexradius_to_thwradius from protocol direct
    set policy-options policy-statement from_hexradius_to_thwradius then accept
    set policy-options policy-statement from_thwradius_to_hexradius from instance NineGroupBTB-VR
    set policy-options policy-statement from_thwradius_to_hexradius from protocol direct
    set policy-options policy-statement from_thwradius_to_hexradius then accept
    set access address-assignment pool junosDHCPPool family inet network 192.168.2.0/24
    set access address-assignment pool junosDHCPPool family inet range junosRange low 192.168.2.2
    set access address-assignment pool junosDHCPPool family inet range junosRange high 192.168.2.254
    set access address-assignment pool junosDHCPPool family inet dhcp-attributes router 192.168.2.1
    set access address-assignment pool junosDHCPPool family inet dhcp-attributes propagate-settings ge-0/0/0.0
    set routing-instances Customer-VR instance-type virtual-router
    set routing-instances Customer-VR interface lt-0/0/0.2
    set routing-instances Customer-VR interface lt-0/0/0.4
    set routing-instances Customer-VR interface lt-0/0/0.6
    set routing-instances Customer-VR interface lt-0/0/0.10
    set routing-instances Customer-VR interface ae2.0
    set routing-instances Customer-VR interface lo0.10
    set routing-instances Customer-VR protocols isis level 1 authentication-key "$9$3M.wntOhclMLNreNbYoji5QFnApO1RSlK"
    set routing-instances Customer-VR protocols isis level 1 authentication-type md5
    set routing-instances Customer-VR protocols isis level 2 authentication-key "$9$jgiPQ/9pBRStuSeMXbwJGDimfQFnCp0"
    set routing-instances Customer-VR protocols isis level 2 authentication-type md5
    set routing-instances Customer-VR protocols isis interface lt-0/0/0.2
    set routing-instances Customer-VR protocols isis interface lt-0/0/0.4
    set routing-instances Customer-VR protocols isis interface lt-0/0/0.6
    set routing-instances Customer-VR protocols isis interface lt-0/0/0.10
    set routing-instances Customer-VR protocols isis interface ae2.0
    set routing-instances Customer-VR protocols isis interface lo0.10
    set routing-instances NineGroupBTB-VR instance-type virtual-router
    set routing-instances NineGroupBTB-VR interface lt-0/0/0.3
    set routing-instances NineGroupBTB-VR interface ge-0/0/4.0
    set routing-instances NineGroupBTB-VR interface lo0.30
    set routing-instances NineGroupBTB-VR protocols isis level 1 authentication-key "$9$g74UHf5F/A0z30Ihr8Lbs24GDHqmTFn"
    set routing-instances NineGroupBTB-VR protocols isis level 1 authentication-type md5
    set routing-instances NineGroupBTB-VR protocols isis level 2 authentication-key "$9$Wn78-woaUH.5GD5F6A1IlKM8NdwYgJUj"
    set routing-instances NineGroupBTB-VR protocols isis level 2 authentication-type md5
    set routing-instances NineGroupBTB-VR protocols isis interface lt-0/0/0.3
    set routing-instances NineGroupBTB-VR protocols isis interface ge-0/0/4.0
    set routing-instances NineGroupBTB-VR protocols isis interface lo0.30
    set routing-instances netopstest2 instance-type virtual-router
    set routing-instances netopstest2 interface lt-0/0/0.9
    set routing-instances netopstest2 interface ge-0/0/8.0
    set routing-instances netopstest2 interface lo0.50
    set routing-instances netopstest2 protocols isis export export_statics
    set routing-instances netopstest2 protocols isis level 1 authentication-key "$9$KZDvxd2gJDHmaZmTF/0OSrevX7dbs4JG"
    set routing-instances netopstest2 protocols isis level 1 authentication-type md5
    set routing-instances netopstest2 protocols isis level 2 authentication-key "$9$g54UHf5F/A0z30Ihr8Lbs24GDHqmTFn"
    set routing-instances netopstest2 protocols isis level 2 authentication-type md5
    set routing-instances netopstest2 protocols isis interface lt-0/0/0.9
    set routing-instances netopstest2 protocols isis interface ge-0/0/8.0
    set routing-instances netopstest2 protocols isis interface lo0.50
    set routing-instances ninegroup-dns instance-type virtual-router
    set routing-instances ninegroup-dns interface lt-0/0/0.5
    set routing-instances ninegroup-dns interface lt-0/0/0.7
    set routing-instances ninegroup-dns interface ge-0/0/6.0
    set routing-instances ninegroup-dns interface lo0.40
    set routing-instances ninegroup-dns protocols isis level 1 authentication-key "$9$xSz7wgGUHm5FikF/A0hcM8X7bsgoJDHq"
    set routing-instances ninegroup-dns protocols isis level 1 authentication-type md5
    set routing-instances ninegroup-dns protocols isis level 2 authentication-key "$9$GxUqf3nCuBE9AEyeW-d4aZUk.fTz6Ct"
    set routing-instances ninegroup-dns protocols isis level 2 authentication-type md5
    set routing-instances ninegroup-dns protocols isis interface lt-0/0/0.5
    set routing-instances ninegroup-dns protocols isis interface lt-0/0/0.7
    set routing-instances ninegroup-dns protocols isis interface ge-0/0/6.0
    set routing-instances ninegroup-dns protocols isis interface lo0.40
    set routing-instances ninegroup-radius instance-type virtual-router
    set routing-instances ninegroup-radius interface lt-0/0/0.1
    set routing-instances ninegroup-radius interface lt-0/0/0.8
    set routing-instances ninegroup-radius interface ge-0/0/2.0
    set routing-instances ninegroup-radius interface lo0.20
    set routing-instances ninegroup-radius protocols isis export export_statics
    set routing-instances ninegroup-radius protocols isis level 1 authentication-key "$9$RplElM7Nb2oGVwGiqfn60BIEreM8X-bs"
    set routing-instances ninegroup-radius protocols isis level 1 authentication-type md5
    set routing-instances ninegroup-radius protocols isis level 2 authentication-key "$9$lc7eLNsYoGjq4aqfQnpuhSre8XNdb2oJ"
    set routing-instances ninegroup-radius protocols isis level 2 authentication-type md5
    set routing-instances ninegroup-radius protocols isis interface lt-0/0/0.1
    set routing-instances ninegroup-radius protocols isis interface lt-0/0/0.8
    set routing-instances ninegroup-radius protocols isis interface ge-0/0/2.0
    set routing-instances ninegroup-radius protocols isis interface lo0.20
    set applications application RADIUS term 1 protocol udp
    set applications application RADIUS term 1 destination-port 1812-1814

     

    My apologies for the length of the config.

    I can ping from my desktop on the 192.168 network to the thw-radius server but I cannot get to the GUI (HTTP/HTTPS) although I am allowing that through.

    On the other SRX I can access the RADIUS server but it does not have the netopstest2 network associated as it comes in on the customer interface.

     

    Can anyone see any obvious reason why HTTP access just will not work please?

     

    Also, I can SSH onto this SRX and although the other SRX is configured correctly, I cannot SSH onto it.


    Thanks

     

     

     



  • 2.  RE: HTTP and SSH Issue
    Best Answer

     
    Posted 02-28-2018 08:42

    Always manage to resolve my own problem.... ignore....

     

    Just in case, for anyone else..... I managed to get access to the RADIUS server and thought I may as well try restarting the network and HTTP daemon services. I came back to my desk, retried, and everything works okay. I now have HTTP and SSH access.

     

    Thank you for your time
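
An added example, not part of the original posts and not Juniper code: a small Python check that replays a flow against the security policies in the posted configuration, to confirm the firewall permits it before turning to the server side, which is where the reply found the fix. The desktop address 192.168.50.20 and the function names are assumptions; which zone pair a flow actually hits depends on the lt-0/0/0 hops between the virtual routers, and the lookup assumes the Junos default deny-all policy because the post sets no default-policy.

```python
import ipaddress

# Excerpt copied from the configuration posted above.
CONFIG = """\
set security address-book global address thw-radius-01 195.80.10.38/32
set security address-book global address monitor-server 192.168.50.201/32
set security address-book global address netopstest2-network 192.168.50.0/24
set security address-book global address-set Cust-to-dmz-bidirectional address thw-radius-01
set security address-book global address-set Cust-to-dmz-bidirectional address monitor-server
set security address-book global address-set Cust-to-dmz-bidirectional address netopstest2-network
set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match source-address Cust-to-dmz-bidirectional
set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match destination-address Cust-to-dmz-bidirectional
set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-ssh
set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-http
set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 match application junos-https
set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 then permit
set security policies from-zone ninegroup-radius to-zone ninegroup-radius policy Steve1 then log session-init
set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match source-address any
set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match destination-address any
set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match application any
set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 then permit
"""

MATCH_KEYS = ("source-address", "destination-address", "application")


def parse(config):
    """Parse Junos set-style lines into address book, address sets, policies."""
    addrs, sets, policies = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:5] == ["set", "security", "address-book", "global", "address"]:
            addrs[t[5]] = ipaddress.ip_network(t[6], strict=False)
        elif t[:5] == ["set", "security", "address-book", "global", "address-set"]:
            sets.setdefault(t[5], []).append(t[7])
        elif t[:4] == ["set", "security", "policies", "from-zone"] and len(t) > 10:
            # Key is (from-zone, to-zone, policy name); dict order keeps policy order.
            pol = policies.setdefault((t[4], t[6], t[8]), {k: [] for k in MATCH_KEYS})
            if t[9] == "match" and t[10] in MATCH_KEYS:
                pol[t[10]].append(t[11])
            elif t[9] == "then" and t[10] in ("permit", "deny", "reject"):
                pol["then"] = t[10]  # "then log ..." lines are ignored
    return addrs, sets, policies


def addr_match(names, ip, addrs, sets):
    """True if ip falls in any named address or address-set (or 'any')."""
    for name in names:
        if name == "any":
            return True
        members = sets.get(name, [name])  # expand a set, else treat as one address
        if any(m in addrs and ip in addrs[m] for m in members):
            return True
    return False


def lookup(config, from_zone, to_zone, src, dst, app):
    """Return (policy name, action) for the first policy matching the flow."""
    addrs, sets, policies = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for (fz, tz, name), pol in policies.items():
        if (fz, tz) != (from_zone, to_zone):
            continue
        app_ok = "any" in pol["application"] or app in pol["application"]
        if (app_ok and addr_match(pol["source-address"], src, addrs, sets)
                and addr_match(pol["destination-address"], dst, addrs, sets)):
            return name, pol.get("then")
    # Assumption: no default-policy is set in the post, so unmatched flows are denied.
    return None, "deny"


if __name__ == "__main__":
    desktop, radius = "192.168.50.20", "195.80.10.38"  # desktop IP is constructed
    for app in ("junos-http", "junos-https", "junos-ssh", "junos-telnet"):
        print(app, lookup(CONFIG, "ninegroup-radius", "ninegroup-radius",
                          desktop, radius, app))
```

When a lookup like this returns permit for HTTP and SSH, the policy is not what is dropping the traffic, and the next place to look is the service on the destination host.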