Original Message:
Sent: 02-17-2023 08:28
From: EIT
Subject: Assistance required with setting up a SRX340 with 2 LAN's. Currently unable to access the internet
Hi Ben,
Thanks for your message.
Your static IP hosts on irb.0 and irb.1 have gateways pointing to the SRX - Yes they are set to either 192.168.1.1 or 192.168.2.1 depending on the network they are on.
The SRX (their local gateway) - Yes
The SRX external interface - No
The upstream gateway - No
I have changed the source NAT with what you have sent through.
Is there a better config setup that I should be using , even just to get online?
------------------------------
Stewart Shram
Original Message:
Sent: 02-16-2023 14:11
From: bkamen
Subject: Assistance required with setting up a SRX340 with 2 LAN's. Currently unable to access the internet
Hey Stewart,
Sanity check - Your static IP hosts on irb.0 and irb.1 have gateways pointing to the SRX on irb0 and irb1, yes? (I'm assuming yes but asking to be sure)
Can your IRB hosts ping->
The SRX (their local gateway) (I'm assuming "yes" -- but make sure this one works too)
The SRX external interface? (i.e. x.x.x.y ) (I'm assuming "no")
The upstream gateway? (i.e. the GW x.x.x.x) (I'm assuming also "no")
One item is that the SRC_NAT is a little simpler. (it may not matter, but it may help debugging)
Because you're using a zone to define the transfer of packets, your source NAT could just be:
source { rule-set source-nat-all { from zone trust; to zone untrust; rule source-nat-all { match { source-address 0.0.0.0/0; destination-address 0.0.0.0/0; } then { source-nat { interface; } } } } }
Also, if you want irb0 and irb1 to be able to talk to each other and they are both considered "trusted" -- you might also need a policy:
from-zone trust to-zone trust { policy trust-to-trust { match { source-address any; destination-address any; application any; } then { permit; } } }
------------------------------
Ben Kamen
Original Message:
Sent: 02-16-2023 11:01
From: EIT
Subject: Assistance required with setting up a SRX340 with 2 LAN's. Currently unable to access the internet
Hello,
I hope someone can help with my dilemma.
I am trying to setup an SRX340 running software version 21.2R3-S3.5 but running in to some problems being able to access the internet.
I have setup ge-0/0/0.0 to connect to the router and this is using a static address x.x.x.x/29
I then have ge-0/0/1.0 and ge-0/0/2.0 setup on irb.0 with an address of 192.168.1.1/24, the PC's on this network all have static IP addresses so will not need IP addresses issued from DHCP.
Finally I have ge-0/0/3.0 setup on irb.1 with a address of IP 192.168.2.1/24, again the computers on this network all have static IP addresses and will not need IP Addresses issued from DHCP.
I can ping the IP's on irb.0 and irb.1, for example 192.168.1.5 or 192.168.2.2.
I can ping 8.8.8.8 from ge-0/0/0.0
I can't ping 8.8.8.8 from irb.0 or irb.1
I can't ping or traceroute any address for example google.com from any interface.
I am probably missing something very simple like I have put the DNS or Default Gateway in the wrong place, but I'm unsure, so your help would be greatly appreciate.
I have attached the current config excluding user details and ISP IP Addresses.
x.x.x.x being the ISP gateway
x.x.x.y being the ISP IP Address for the SRX
------------------------------
STEWART SHRAM
------------------------------