
Unable to connect to Juniper secure connect using two isp's (we are using static routes)


    Posted 06-10-2021 02:44
    Hi Team,

    We have implemented Juniper Secure Connect. Since we use static routes for two ISPs and cannot use two default routes at a time, we thought of doing destination NAT on blaze 210 (the external firewall connected to the internet).

    Example: my IP 183.83.161.151 hits the loopback present on blaze 340 (10.2.0.10/29); NAT 183.83.161.151 to the interface IP 10.2.0.1/29, so that the loopback takes 10.2.0.1/29 as next hop instead of the default route, which points to 10.2.0./29.



    I can see the NAT is happening on the blaze 210, but I can't see any traffic coming to our core firewall SRX 340.

    Flow logs on the blaze 210 external firewall:

    Session ID: 50592, Policy name: untrust-to-trust/10, Timeout: 2, Valid
    In: 183.83.161.151/67 --> 10.2.0.10/36239;icmp, If: fe-0/0/7.0, Pkts: 1, Bytes: 92
    Out: 10.2.0.10/36239 --> 10.2.0.1/11804;icmp, If: fe-0/0/6.20, Pkts: 0, Bytes: 0

    The loopback IP doesn't respond with any bytes, even for ICMP. Are we supposed to deploy Juniper Secure Connect only on reth interfaces? Because it's working fine for reth1.

    We have assigned a zone to the loopback IP 10.2.0.10/29 and allowed inbound services as any and policies as any, but it doesn't work.

    Can we connect to Juniper Secure Connect on a loopback IP?

    ------------------------------
    Scan Bake
    ------------------------------
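Added example, not part of the post above: a small Python parser for session lines in the shape of the flow output quoted in the question. It flags sessions whose reverse wing carried zero packets (the symptom described) and reports which addresses the NAT rewrote; the sample input is constructed from the post's session plus one healthy session for contrast.

```python
import re

# Constructed sample shaped like the post's flow output: the one-way ICMP session plus a healthy TCP one.
SAMPLE = """\
Session ID: 50592, Policy name: untrust-to-trust/10, Timeout: 2, Valid
In: 183.83.161.151/67 --> 10.2.0.10/36239;icmp, If: fe-0/0/7.0, Pkts: 1, Bytes: 92
Out: 10.2.0.10/36239 --> 10.2.0.1/11804;icmp, If: fe-0/0/6.20, Pkts: 0, Bytes: 0
Session ID: 50593, Policy name: untrust-to-trust/10, Timeout: 1792, Valid
In: 192.0.2.55/51000 --> 10.2.0.10/443;tcp, If: fe-0/0/7.0, Pkts: 12, Bytes: 1840
Out: 10.2.0.10/443 --> 10.2.0.1/2040;tcp, If: fe-0/0/6.20, Pkts: 10, Bytes: 6200
"""

SESSION_RE = re.compile(
    r"Session ID: (?P<sid>\d+), Policy name: (?P<policy>\S+), "
    r"Timeout: (?P<timeout>\d+), (?P<state>\w+)")
WING_RE = re.compile(
    r"(?P<dir>In|Out): (?P<src>\S+)/(?P<sport>\d+) --> (?P<dst>\S+)/(?P<dport>\d+);"
    r"(?P<proto>\w+), If: (?P<ifname>\S+), Pkts: (?P<pkts>\d+), Bytes: (?P<nbytes>\d+)")
INT_FIELDS = {"sid", "timeout", "sport", "dport", "pkts", "nbytes"}

def _fields(m: re.Match) -> dict:
    return {k: int(v) if k in INT_FIELDS else v for k, v in m.groupdict().items()}

def parse_sessions(text: str) -> list:
    """Parse session headers and their In/Out wings into a list of dicts."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if m := SESSION_RE.match(line):
            sessions.append({**_fields(m), "wings": {}})
        elif (m := WING_RE.match(line)) and sessions:
            wing = _fields(m)
            sessions[-1]["wings"][wing.pop("dir")] = wing
    return sessions

def diagnose(session: dict) -> dict:
    """Flag a session whose reverse wing never carried a packet and show what NAT rewrote.
    "Out:" is the reverse wing (server -> client): the server replies to Out.dst, and Out.src is its real address."""
    i, o = session["wings"]["In"], session["wings"]["Out"]
    return {
        "sid": session["sid"],
        "no_return_traffic": i["pkts"] > 0 and o["pkts"] == 0,
        "source_nat": None if i["src"] == o["dst"] else f'{i["src"]} -> {o["dst"]}',
        "destination_nat": None if i["dst"] == o["src"] else f'{i["dst"]} -> {o["src"]}',
        "reply_interface": o["ifname"],
    }

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(diagnose(s))
```

A session reported with `no_return_traffic` set and a non-empty `source_nat` tells you the server side never answered on the interface named in `reply_interface`, which narrows the problem to the path between the firewall and that host.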