vSRX in eve-ng: No input packets on directly connected interfaces. No ping or OSPF peering either!

  • 1.  vSRX in eve-ng: No input packets on directly connected interfaces. No ping or OSPF peering either!

    Posted 10-29-2021 05:53
    I am really stuck. I need to fix this to keep my labbing going. Here's the problem:
    vSRX1 and vSRX2 are directly connected on ge-0/0/0 (unit 0). The IPs are on the same subnet, and the OSPF and firewall configuration look good to me, but they still don't see each other.

    root@vSRX1# run show interfaces ge-0/0/0.0
    Logical interface ge-0/0/0.0 (Index 71) (SNMP ifIndex 524)
    Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
    Input packets : 0
    Output packets: 2872
    Security: Zone: trust
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
    ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp
    tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh
    rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl
    lsping ntp sip dhcpv6 r2cp webapi-clear-text webapi-ssl tcp-encap
    sdwan-appqoe high-availability
    Protocol inet, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 0,
    Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Sendbcast-pkt-to-re, Is-Primary
    Addresses, Flags: Is-Preferred Is-Primary
    Destination: 12.0.0/24, Local: 12.0.0.1, Broadcast: 12.0.0.255

    [edit]
    root@vSRX1#

    root@vSRX2# run show interfaces ge-0/0/0.0
    Logical interface ge-0/0/0.0 (Index 71) (SNMP ifIndex 524)
    Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
    Input packets : 0
    Output packets: 2865
    Security: Zone: trust
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp
    ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp
    tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh
    rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl
    lsping ntp sip dhcpv6 r2cp webapi-clear-text webapi-ssl tcp-encap
    sdwan-appqoe high-availability
    Protocol inet, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 0,
    Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Sendbcast-pkt-to-re, Is-Primary
    Addresses, Flags: Is-Preferred Is-Primary
    Destination: 12.0.0/24, Local: 12.0.0.2, Broadcast: 12.0.0.255

    [edit]
    root@vSRX2#

    root@vSRX1# run show configuration | display set
    set version 21.2R1.10
    set system host-name vSRX1
    set system root-authentication encrypted-password "$6$iMrBL1eu$Mhw62RDF8pzXKB0irdaL54odMleWP0zgUN0R0oj8uM3rPLwf.KnUUl/.IDRnjWVYEfX7jBkRWtPteiwrKC2Da1"
    set system services ssh
    set system services web-management http interface fxp0.0
    set system services web-management https system-generated-certificate
    set system services web-management https interface fxp0.0
    set system syslog file interactive-commands interactive-commands any
    set system syslog file messages any any
    set system syslog file messages authorization info
    set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
    set security forwarding-options family inet6 mode packet-based
    set security forwarding-options family mpls mode packet-based
    set security forwarding-options family iso mode packet-based
    set security zones security-zone trust tcp-rst
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
    set interfaces ge-0/0/0 unit 0 family inet address 12.0.0.1/24
    set interfaces fxp0 unit 0
    set interfaces lo0 unit 0 family inet address 1.1.1.1/32
    set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set routing-options router-id 1.1.1.1

    [edit]
    root@vSRX1#

    root@vSRX2# run show configuration | display set
    set version 21.2R1.10
    set system host-name vSRX2
    set system root-authentication encrypted-password "$6$gApZnHVL$.w3HPuIEL9K5AQTyHS0rggi4.k5AJxv.5VNRHa8T787.mRXl13P9wb6BhprfeCm3oqkS7BThYcATkTWWQ0Hjt0"
    set system services ssh
    set system services web-management http interface fxp0.0
    set system services web-management https system-generated-certificate
    set system services web-management https interface fxp0.0
    set system syslog file interactive-commands interactive-commands any
    set system syslog file messages any any
    set system syslog file messages authorization info
    set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
    set security forwarding-options family inet6 mode packet-based
    set security forwarding-options family mpls mode packet-based
    set security forwarding-options family iso mode packet-based
    set security zones security-zone trust tcp-rst
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
    set interfaces ge-0/0/0 unit 0 family inet address 12.0.0.2/24
    set interfaces fxp0 unit 0
    set interfaces lo0 unit 0 family inet address 2.2.2.2/32
    set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set routing-options router-id 2.2.2.2

    [edit]
    root@vSRX2#

    Please help!!!

    ------------------------------
    SENTHILKUMAR MURUGESAN
    ------------------------------


  • 2.  RE: vSRX in eve-ng: No input packets on directly connected interfaces. No ping or OSPF peering either!

     
    Posted 11-01-2021 05:46

    I see that for your forwarding-options you are using packet-based mode, which means you are using your SRX as a routing device; however, you have security zones and screen configured.

    To use the SRX as a router, remove the security configurations with packet mode.

    To use your SRX as a firewall, keep your security configurations but change the forwarding options to flow mode and reboot your device for it to take effect.

    cheers!



    ------------------------------
    BENJAMINONEKALIT OBURA
    ------------------------------
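
A small check for the condition the reply above describes, added here as an example and not part of either post: it scans `display set` output for packet-based forwarding options configured alongside security zones. The function name `audit_forwarding_mode` and the sample input (a subset of the vSRX1 lines posted in this thread) are assumptions of this example.

```python
import re

# Constructed sample: a subset of the vSRX1 "display set" lines posted in this thread.
SAMPLE_CONFIG = """\
set version 21.2R1.10
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
set security zones security-zone trust tcp-rst
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
set interfaces ge-0/0/0 unit 0 family inet address 12.0.0.1/24
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
"""

FWD_RE = re.compile(r"^set security forwarding-options family (\S+) mode (\S+)$")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+)(?: interfaces (\S+))?")


def audit_forwarding_mode(config_text):
    """Return packet-mode families, zones, zone-bound interfaces and a 'mixed' flag."""
    packet_families, zones, zone_ifaces = [], set(), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        m = FWD_RE.match(line)
        if m and m.group(2) == "packet-based":
            packet_families.append(m.group(1))
            continue
        m = ZONE_RE.match(line)
        if m:
            zones.add(m.group(1))
            if m.group(2):
                zone_ifaces.add(m.group(2))
    return {
        "packet_families": packet_families,
        "zones": sorted(zones),
        "zone_interfaces": sorted(zone_ifaces),
        # The condition the reply points at: packet mode plus security zones.
        "mixed": bool(packet_families) and bool(zones),
    }


if __name__ == "__main__":
    report = audit_forwarding_mode(SAMPLE_CONFIG)
    print(report)
    if report["mixed"]:
        print("packet-based forwarding and security zones are both configured; "
              "pick one model as the reply describes")
```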