Good day,
My provider doens't provide extra ip's
So i found another provider that provide a small subnet over a GRE tunnel. Sound perfect. however they don't support juniper.
since they support many other types of firewall's i think this shouldn't be a problem.
however i can't get it to work.
Some interesting parts of my configration.
the security policies from and to the zone lan <> extraip are currently set to any.
interfaces {
gr-0/0/0 {
unit 0 {
tunnel {
source [local wan ip];
destination [tunnel servers ip];
}
family inet {
address [provided subenet first ip]/29;
}
}
}
security {
nat {
source {
rule-set extraip {
from zone lan;
to zone untrust-extraip;
rule source-nat-rule-extraip {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
rule-set extraip {
from zone untrust-extraip;
rule mark-nas3-http-extraip {
match {
destination-address 0.0.0.0/0;
destination-port {
80;
}
}
then {
destination-nat {
pool {
webserver-80;
}
}
}
}
}
}
zones {
security-zone untrust-extraip
interfaces {
gr-0/0/0.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
routing-instances {
extraip {
instance-type virtual-router;
interface gr-0/0/0.0;
routing-options {
static {
route 0.0.0.0/0 next-hop gr-0/0/0.0;
}
}
}
If i do a "show interfaces gr-0/0/0 " the output looks prommising. however there are no input packages
Physical interface: gr-0/0/0, Enabled, Physic``al link is Up
Interface index: 143, SNMP ifIndex: 521
Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
Link flags : Scheduler Keepalives DTE
Device flags : Present Running
Interface flags: Point-To-Point
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
Logical interface gr-0/0/0.0 (Index 91) (SNMP ifIndex 544)
Flags: Point-To-Point SNMP-Traps 0x0 IP-Header [tunnel-server]:[local-wan-ip]:47:df:64:0000000000000000 Encapsulation: GRE-NULL
Copy-tos-to-outer-ip-header: Off
Gre keepalives configured: Off, Gre keepalives adjacency state: down
Input packets : 0
Output packets: 108
Security: Zone: untrust-extraip
Allowed host-inbound traffic : bfd bgp dvmrp igmp ldp msdp nhrp ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp ping
Protocol inet, MTU: 1350
Flags: Sendbcast-pkt-to-re, Is-Primary, User-MTU
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: [networkadres/29, Local: [provided subenet first ip], Broadcast: [broadcast]
Also a ping isn't doing much good.
run ping 1.1.1.1 routing-instance extraip
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
I have 5 day's left in the trial. and need to make sure there are no errors in my configuration.