Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  Configuration DVR - IP DYNAMIC - DYNDNS

    Posted 03-27-2021 16:04

    Olá amigos da comunidade. tudo bom ?

    Estou com um problema, acredito que seja muito fácil para você. LOL

    Eu tenho um Juniper SRX300 e eu preciso para liberar o acesso externo à Segurança Câmeras DVR.

    Segue o cenário criado: SRX300

    1. Configurei DNS Dinâmico e está tudo OK, identifica meu ip pois não tenho link de ip fixo no momento.

    2. Configure o destino NAT de segurança - Eu configurei o IP e a porta do DVR. E eu configurei o Destination NAT POOL.

    3. Configurar segurança Regras de política de segurança Eu configurei as regras de segurança.

    Mesmo assim não funciona, alguém pode me ajudar?

    Muito obrigado.



    ------------------------------
    Leandro Gomes
    ------------------------------


  • 2.  RE: Configuration DVR - IP DYNAMIC - DYNDNS

    Posted 03-28-2021 06:06
    If you post your configuration stanzas we can have a look and see what may be the mis match.
    Just change the public ip to something generic.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Configuration DVR - IP DYNAMIC - DYNDNS

    Posted 03-28-2021 10:06

    Good morning friend, thank you very much for your help.

    Link Principal Port 4
    Link Backup Port 5

    Services
    dynamic-dns {
    client my_company.dyndns.org {
    server dyndns;
    username my_user;
    password "my_password";
    interface ge-0/0/4.0;
    }
    }


    NAT

    {
    source {
    rule-set NAT {
    from zone [ TRUST junos-host ];
    to zone [ UNTRUST-ISP1 UNTRUST-ISP2 ];
    rule TRUST-UNTRUST {
    match {
    source-address 0.0.0.0/0;
    destination-address 0.0.0.0/0;
    }
    then {
    source-nat {
    interface;
    }
    }
    }
    }
    }
    destination {
    pool DVR_3000 {
    routing-instance {
    default;
    }
    address 10.0.39.5/32 port 3000;
    }
    pool DVR_3001 {
    routing-instance {
    default;
    }
    address 10.0.39.5/32 port 3001;
    }
    rule-set DVR_3000 {
    from zone UNTRUST-ISP1;
    rule DVR_3000 {
    match {
    destination-address 0.0.0.0/0;
    destination-port {
    3000;
    }
    }
    then {
    destination-nat {
    pool {
    DVR_3000;
    }
    }
    }
    }
    rule DVR_3001 {
    match {
    destination-address 0.0.0.0/0;
    destination-port {
    3001;
    }
    }
    then {
    destination-nat {
    pool {
    DVR_3001;
    }
    }
    }
    }
    }
    }
    }



    Policies

    from-zone UNTRUST-ISP1 to-zone TRUST {
    policy UNSTRUST_TRUST {
    match {
    source-address any;
    destination-address DVR_3000;
    application any;
    }
    then {
    permit;
    }
    }
    }



    ------------------------------
    Leandro Gomes
    ------------------------------



  • 4.  RE: Configuration DVR - IP DYNAMIC - DYNDNS

    Posted 04-25-2021 06:32
    Sorry for the delay in response.

    Doing some testing, it appears you must match the subnet size on your destination nat rule.  So to forward this you are going to need to change the 0.0.0.0/0 to the specific /32 address used in the connection request.

    destination-address 0.0.0.0/0;

    Naturally since this is dhcp right now it would also mean you need to change it when the address changes.

    I would also confirm with the DVR vendor documentation that no other ports are needed.  The ones I have worked with generally also require https for view feeds.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------