Well, turns out that I just needed to call Verizon and have them refresh the line, since all my configs were correct to begin with.
Original Message:
Sent: 12-07-2023 11:24
From: JOEY OFFICER
Subject: Internet Connection to LTE Mini PIM -- Stumped
There are a couple of how-tos out there with reference to Dual ISP WAN setup, including several within the Juniper community forum. We're not load balancing our outbound traffic, but we do have dual ISP setup, so I thought I'd share what's currently working for us
srx345-1> show configuration interfaces ae1 | display setset interfaces ae1 description "Fiber Uplink"set interfaces ae1 aggregated-ether-options link-speed 1gset interfaces ae1 aggregated-ether-options lacp activeset interfaces ae1 unit 0 family inet address 1.1.1.2/28srx345-1> show configuration interfaces ae2 | display setset interfaces ae2 description "Cable Uplink"set interfaces ae2 aggregated-ether-options link-speed 1gset interfaces ae2 aggregated-ether-options lacp activeset interfaces ae2 unit 0 family inet address 2.2.2.2/29brk-srx345-1> show configuration routing-instances | display setset routing-instances spectrum interface ae2.0set routing-instances spectrum instance-type virtual-routerset routing-instances spectrum routing-options static route 0.0.0.0/0 next-hop 2.2.2.1brk-srx345-1> show configuration routing-options | display setset routing-options interface-routes rib-group inet spectrumset routing-options static route 0.0.0.0/0 next-hop 1.1.1.1set routing-options static route 0.0.0.0/0 qualified-next-hop 2.2.2.1 preference 20deactivate routing-options static route 0.0.0.0/0 qualified-next-hop 2.2.2.1set routing-options static route 0.0.0.0/0 preference 30set routing-options rib-groups spectrum import-rib inet.0set routing-options rib-groups spectrum import-rib spectrum.inet.0set routing-options forwarding-table export load-balancesrx345-1> ping source 1.1.1.2 4.2.2.2 count 1PING 4.2.2.2 (4.2.2.2): 56 data bytes64 bytes from 4.2.2.2: icmp_seq=0 ttl=53 time=9.340 ms--- 4.2.2.2 ping statistics ---1 packets transmitted, 1 packets received, 0% packet lossround-trip min/avg/max/stddev = 9.340/9.340/9.340/0.000 mssrx345-1> ping routing-instance spectrum source 2.2.2.2. 4.2.2.2 count 1PING 4.2.2.1 (4.2.2.1): 56 data bytes64 bytes from 4.2.2.1: icmp_seq=0 ttl=57 time=17.332 ms--- 4.2.2.1 ping statistics ---1 packets transmitted, 1 packets received, 0% packet lossround-trip min/avg/max/stddev = 17.332/17.332/17.332/0.000 ms
The first couple of bits are just creating the interfaces and route setup. The final ping examples are shown using unique routes out, you'll notice the difference in response time shows to verify different links/speeds.
------------------------------
JOEY OFFICER
Original Message:
Sent: 12-06-2023 12:10
From: A.Vanson
Subject: Internet Connection to LTE Mini PIM -- Stumped
Greetings,
I have an SRX 345 unit with an LTE mini-PIM card that's connected to the cellular carrier (is configured and connected.)
I've spent (too many) hours trying to get this unit to ping 8.8.8.8 via the LTE interface, but as yet, I'm just stumped and I can't see right now what I'm missing.
Could someone take a look at the config and tell me what I'm not seeing? I've based some of this config off of some of the tutorials online (e.g. interface ge-0/0/1).
Any help would be much appreciated.
Thank you.
## Last changed: 2023-12-06 09:38:47 MSTversion 18.4R3-S2;system { commit delta-export; root-authentication { encrypted-password "xxxxxx"; ## SECRET-DATA } services { ssh { root-login allow; } netconf { ssh; } web-management { http { interface fxp0.0; } https { system-generated-certificate; } } } host-name vilton; time-zone America/Phoenix; name-server { 8.8.8.8; 8.8.4.4; } syslog { archive size 100k files 3; user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } file LOG-Accepted-Traffic { any any; match RT_FLOW_SESSION_CREATE; archive size 1m files 3; } file LOG-Blocked-Traffic { any any; match RT_FLOW_SESSION_DENY; archive size 1m files 3; } file LOG-Sessions { any any; match RT_FLOW; archive size 1m files 3; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } }}security { flow { traceoptions { file flow-trace size 10m files 5; packet-filter forward-packet { protocol icmp; destination-prefix 8.8.8.8/32; } packet-filter reverse-packet { protocol icmp; source-prefix 8.8.8.8/32; } trace-level { detail; } } }nat { source { rule-set LocalToInternet { from zone [ AV Guest IOT Main Net Security ]; to zone Internet; rule InternetSourceNAT { match { destination-address 0.0.0.0/0; } then { source-nat { interface; } } } } } } policies { from-zone Main to-zone Net { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Main to-zone Internet { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Guest to-zone Internet { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone IOT to-zone Internet { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Security to-zone Internet { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone AV to-zone Internet { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Main to-zone Security { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Main to-zone Guest { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } }} from-zone Main to-zone AV { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Net to-zone Internet { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone Net to-zone Net { policy AllowAll { match { source-address any; destination-address any; application any; } then { permit; } } } } zones { security-zone Net { interfaces { ge-0/0/14.0 { host-inbound-traffic { system-services { any-service; } } } irb.1 { host-inbound-traffic { system-services { any-service; } } } } }security-zone Main { interfaces { irb.1110 { host-inbound-traffic { system-services { any-service; } } } } } security-zone Guest { interfaces { irb.1120 { host-inbound-traffic { system-services { any-service; } } } } } security-zone Security { interfaces { irb.1130 { host-inbound-traffic { system-services { any-service; } } } } } security-zone IOT { interfaces { irb.1140 { host-inbound-traffic { system-services { any-service; } } } } } security-zone AV { interfaces { irb.1150 { host-inbound-traffic { system-services { any-service; } } } } } security-zone Internet { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { dl0.0 { host-inbound-traffic { system-services { any-service; } } } ge-0/0/1.0; } } }}interfaces { ge-0/0/0 { native-vlan-id 1; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members all; } } } } ge-0/0/1 { unit 0 { description "LTE Backup Interface"; family inet { address 10.121.1.2/24; } } } ge-0/0/2 { unit 0; } ge-0/0/3 { unit 0 { family ethernet-switching; } } ge-0/0/4 { unit 0 { family ethernet-switching; } } ge-0/0/5 { unit 0 { family ethernet-switching; }} ge-0/0/6 { unit 0 { family ethernet-switching; } } ge-0/0/7 { unit 0 { family ethernet-switching; } } ge-0/0/8 { unit 0 { family ethernet-switching; } } ge-0/0/9 { unit 0 { family ethernet-switching; } } ge-0/0/10 { unit 0 { family ethernet-switching; } } ge-0/0/11 { unit 0 { family ethernet-switching; } } ge-0/0/12 { unit 0 { family ethernet-switching; } } ge-0/0/13 { unit 0 { family ethernet-switching; } } ge-0/0/14 { unit 0 { family inet { address 10.121.99.2/24; } } } ge-0/0/15 { description "Primary WAN Interface"; native-vlan-id 1; unit 0 { family ethernet-switching { interface-mode trunk; vlan { members all;} } } cl-1/0/0 { dialer-options { pool 1 priority 100; } act-sim 1; cellular-options { sim 1 { select-profile profile-id 1; radio-access automatic; } } } dl0 { unit 0 { family inet { negotiate-address; } family inet6 { negotiate-address; } dialer-options { pool 1; dial-string "*99***1#"; always-on; } } } fxp0 { unit 0 { family inet { address 10.121.98.1/24; } } } irb { unit 1 { family inet { address 10.121.100.1/24; } } unit 1110 { family inet { address 10.121.110.1/24; } } unit 1120 { family inet { address 10.121.120.1/24; } } unit 1130 { family inet { address 10.121.130.1/24; } } unit 1140 { family inet { address 10.121.140.1/24; } } unit 1150 { family inet { address 10.121.150.1/24; } } }}snmp { location "Server Room"; contact "support"; community public { authorization read-only; }}forwarding-options { dhcp-relay { server-group { dhcp-server { 10.121.100.92; } } active-server-group dhcp-server; group dhcp { interface irb.1; interface irb.1110; interface irb.1120; interface irb.1130; interface irb.1140; interface irb.1150; } }}vlans { AV { vlan-id 1150; l3-interface irb.1150; } Guest { vlan-id 1120; l3-interface irb.1120; } IOT { vlan-id 1140; l3-interface irb.1140; } Main { vlan-id 1110; l3-interface irb.1110; } Net { vlan-id 1100; } Security { vlan-id 1130; l3-interface irb.1130; } vlan1 { vlan-id 1; l3-interface irb.1; }}protocols { l2-learning { global-mode switching; } rstp { interface all; }}routing-options { static { route 0.0.0.0/0 next-hop 10.121.1.1; }}