SRX Next-Gen Firewalls

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • Profile Picture

    RE: SRX VPN Tunnel down

    First, your proxy IDs overlap, I'm not sure that's OK: Local Identity: ipv4_subnet(any:0,[0..7]=10.70.5.0/24) Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0) If you already have 0/0 as one ID, why keep 10.70.5.0/24? The problem reported ...

  • Hi Francis, Yes, I've used it like this in my system. It was explained this way in the Juniper guide (YouTube I think).

  • If users are getting the invalid realm when they authenticate, make sure the name of the VPN they are putting in has the same upper and lower case letters. It is capitol sensitive. Mac users get this because the Mac likes to make the first letter a capitol. ...

  • Profile Picture

    RE: SRX VPN Tunnel down

    Try deleting the monitoring (both ends of course): delete security ipsec vpn Jakarta_VoIP vpn-monitor [Oct 9 08:16:57]ike_st_o_qm_done: Quick Mode negotiation done [Oct 9 08:16:57]ike_send_notify: Connected, SA = { 9ef6a221 ac21dfa4 - aed1244e 27c6a76d}, ...

  • Hi, Unfortunately the tunnel is still down. I have attached two files from both devices. ------------------------------ Naida Kukuruzovic ------------------------------

  • Profile Picture

    RE: SRX VPN Tunnel down

    The dynamic IP side should always initiate the connections as the static side cannot know the IP of the dynamic. Use this on the dynamic IP side: set security ipsec vpn name establish-tunnels immediately By omitting this on the static side, it will ...

  • Hmmm ... Tue Oct 08 2024 08:53:07 +0200: Peer's IKE-ID validation failed during negotiation (4 times) Double-check the IKE gateway settings on both sides. Also, the two VPNs may be fighting with each other. ------------------------------ Nikolay ...

Announcements

  • Introducing Juniper Support Portal (JSP) Mobile App for iOS

    The Juniper Support Portal (JSP) Mobile App is now available for customer use on iOS platforms. The app is designed to provide mobile access for on-the-go service support. 

    What’s available?

    • Live Chat Support
    • Instant Notifications
    • Knowledge Base Access 

Unanswered Posts

Top Contributors in the Community