Security

Unable to connect to Juniper Secure Connect using two ISPs (we are using static routes)

    Posted 13 days ago
    Hi Team,

    We have implemented Juniper Secure Connect. Since we use static routes for two ISPs and cannot have two default routes at a time, we thought of doing destination NAT on the Blaze 210 (the external firewall connected to the internet).

    Example: my IP is 183.83.161.151. If this hits the loopback present on the Blaze 340 (10.2.0.10/29), NAT 183.83.161.151 to the interface IP 10.2.0.1/29, so in this way the loopback will take 10.2.0.1/29 as the next hop instead of the default route, which points to 10.2.0./29.

    I can see the NAT is happening on the Blaze 210, but I can't see any traffic coming to our core firewall, the SRX 340.

    Flow logs on the Blaze 210 external firewall:

    Session ID: 50592, Policy name: untrust-to-trust/10, Timeout: 2, Valid
    In: 183.83.161.151/67 --> 10.2.0.10/36239;icmp, If: fe-0/0/7.0, Pkts: 1, Bytes: 92
    Out: 10.2.0.10/36239 --> 10.2.0.1/11804;icmp, If: fe-0/0/6.20, Pkts: 0, Bytes: 0

    The loopback IP doesn't respond with any bytes, even for ICMP. Are we supposed to deploy Juniper Secure Connect only on reth interfaces? Because it's working fine for reth1.

    We have assigned a zone to the loopback IP 10.2.0.10/29 and allowed the inbound services as any and the policies as any, but it doesn't work.

    Can we connect to Juniper Secure Connect on a loopback IP?

    ------------------------------
    Scan Bake
    ------------------------------