Security


Unable to connect to Juniper secure connect using two isp's (we are using static routes)

Posted 06-10-2021 02:44

Hi Team,

We have implemented Juniper Secure Connect. Since we use static routes for two ISPs and cannot have two default routes at the same time, we thought of doing destination NAT on the blaze 210 (the external firewall connected to the internet).

Example: if my IP 183.83.161.151 hits the loopback present on the blaze 340 (10.2.0.10/29), NAT 183.83.161.151 to the interface IP 10.2.0.1/29. This way the loopback will take 10.2.0.1/29 as the next hop instead of the default route, which points to 10.2.0./29.



I can see the NAT is happening on the blaze 210, but I can't see any traffic coming to our core firewall, the SRX 340.

Flow logs on the blaze 210 external firewall:

Session ID: 50592, Policy name: untrust-to-trust/10, Timeout: 2, Valid
In: 183.83.161.151/67 --> 10.2.0.10/36239;icmp, If: fe-0/0/7.0, Pkts: 1, Bytes: 92
Out: 10.2.0.10/36239 --> 10.2.0.1/11804;icmp, If: fe-0/0/6.20, Pkts: 0, Bytes: 0

The loopback IP doesn't respond with any bytes, even for ICMP. Are we supposed to deploy Juniper Secure Connect only on reth interfaces? Because it's working fine for reth1.

We have assigned a zone to the loopback IP 10.2.0.10/29 and allowed the inbound services as any and the policies as any, but it doesn't work.

Can we connect to Juniper Secure Connect on a loopback IP?

------------------------------
Scan Bake
------------------------------