SRX

 View Only
last person joined: 13 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX PROXY-ARP

    Posted 05-14-2018 05:23

    Hope to get solution 🙂

     

    I have given ISP block xx.70.190.30/30 with 128 Public IP in different subnet on the gateway of primary ISP subnet xx.70.190.29.

    when i tried to map public IP to internal server due to subnet in different network proxy-arp not functioning they way used to to.

     

    Wondering if any way to map on SRX for 128 public IP series,

     

     



  • 2.  RE: SRX PROXY-ARP

    Posted 05-14-2018 08:29

    I'm not 100% sure I understand your question. You provided a /25 (128 addresses) on top of a /30 for client peering? The /30 interface would not use proxy-arp, in this case, you would just route the /25 via the /30 interface (using BGP/static, etc). If the client is NAT'ing the public /25 to internal addresses, they would just configure static-nat/destination-nat like normal without the need for proxy-arp. 



  • 3.  RE: SRX PROXY-ARP

    Posted 05-14-2018 23:03

    Thanks Mr. Jonathan

     

    I did 0.0.0.0/0 with a static route via /30 interface and /25 Network with a static route as well to /30 interface.

    when i apply static nat with out proxy-arp of /25 network, till not able to NAT /25 public to internal.

     

    Is it any thing i am i missing.

    here route config

    root@DC-CVP-GW# show routing-options static
    route 0.0.0.0/0 next-hop xx.xx.xxx.29; ------> Gateway of /30 Network Interface
    route xx.xxx.xx.128/25 next-hop xx.xx.xxx.30;  ------> /25 Network (Additional public IP)

     

    root@DC-CVP-GW> show route

    inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 20:21:44
                        > to xx.xx.xxx.29 via ge-0/0/0.0     ------> /30 Network ISP line
    xx.xx.xxx.28/30    *[Direct/0] 20:21:44
                        > via ge-0/0/0.0
    xx.xx.xxx.30/32    *[Local/0] 20:21:44
                          Local via ge-0/0/0.0
    192.168.1.0/24     *[Direct/0] 00:23:09
                        > via vlan.0
    192.168.1.1/32     *[Local/0] 23:10:47
                          Local via vlan.0

     



  • 4.  RE: SRX PROXY-ARP
    Best Answer

    Posted 05-15-2018 03:51

    This is not correct:

    route xx.xxx.xx.128/25 next-hop xx.xx.xxx.30;  ------> /25 Network (Additional public IP)

     

    Your ISP will route xx.xx.xx.128/25 to YOUR side of the /30 network.  

     

    You will use them downstream on your SRX from there.

    You can just configure static or destination nat directly (no proxy arp needed as noted above)

    Or you can break them into subnets to route in your internal network.

    Or you can put an interface in that subnet or smaller ones directly on your SRX.

     

    But you cannot route them back to the ISP this is a routing loop.

     



  • 5.  RE: SRX PROXY-ARP

    Posted 07-07-2018 22:57

    Thanks Spuluka

     

    Yes it was an ISP route issues and i have changed 25 network as an primary gateway.