Hi. I have moved from Cisco Meraki to a Juniper SRX 320. It was very hard; I was able to set up internet access only with great difficulty, and with help from this place.
Now I need to reach 10.199.0.7 from the SD-WAN device that is connected to the Juniper, but I have not been able to set it up properly after three days of constant trying.
## Last changed: 2024-03-25 14:38:13 GST
version 15.1X49-D50.3;
/* Device identity and management plane. This configuration was saved on
   Junos 15.1X49-D50.3 (an old release train - confirm it is still supported
   and carries current fixes before relying on it as an edge firewall). */
system {
host-name SepcoDxb;
time-zone Asia/Dubai;
/* NOTE(review): this hash has been posted publicly and can be attacked
   offline; change the root password and commit a fresh hash. */
root-authentication {
encrypted-password "$5$4DyJWl39$zR0QXqLhk.Z2GEDydb1d4Sgk4meIp4eLryMqgDDPFlA";
}
/* Resolvers used by the SRX itself (OpenDNS). */
name-server {
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
/* Management services. Which interfaces may reach them is decided by
   host-inbound-traffic under security zones, not here. */
services {
ssh;
/* NOTE(review): telnet carries credentials in cleartext and ssh is already
   enabled; telnet is also accepted on ge-0/0/1.0 (zone Internal) below. */
telnet;
web-management {
/* NOTE(review): http is cleartext; https on the same interface already
   serves the GUI. */
http {
interface ge-0/0/1.0;
}
https {
system-generated-certificate;
interface ge-0/0/1.0;
}
session {
idle-timeout 60;
}
}
/* DHCP server. The first domain-name / name-server / router are defaults
   for every pool; each pool may override them. */
dhcp {
domain-name ######################;
name-server {
192.168.1.2;
}
router {
192.168.1.1;
}
/* Data LAN pool, matching the 192.168.1.1/23 address on ge-0/0/1.0 / irb.0. */
pool 192.168.0.0/23 {
address-range low 192.168.0.50 high 192.168.1.254;
exclude-address {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
192.168.1.6;
192.168.1.7;
192.168.1.8;
192.168.1.9;
192.168.1.10;
192.168.1.11;
192.168.1.12;
192.168.1.13;
192.168.1.14;
192.168.1.15;
192.168.1.16;
192.168.1.17;
192.168.1.18;
}
domain-name ######################;
/* NOTE(review): 206.67.x.x differs from the 208.67.x.x OpenDNS resolvers in
   system name-server above - likely a typo, confirm. 192.168.1.1 is this
   SRX's own address; nothing in this config makes it answer DNS. */
name-server {
206.67.222.222;
206.67.220.220;
192.168.1.2;
192.168.1.1;
}
router {
192.168.1.1;
}
}
/* SD-WAN segment pool (ge-0/0/2.0 / irb.2). NOTE(review): 192.168.199.2 is
   the fixed target of the destination-NAT rules and of the
   internal-sdwan-traffic rule under security nat; if the SD-WAN device takes
   that address from this pool, give it a static-binding or exclude it so the
   NAT target cannot move. */
pool 192.168.199.0/24 {
address-range low 192.168.199.2 high 192.168.199.254;
router {
192.168.199.1;
}
}
/* Fixed leases by MAC address for three hosts inside the 192.168.0.0/23 range. */
static-binding 00:10:7f:83:ed:a2 {
fixed-address {
192.168.1.50;
}
router {
192.168.1.1;
}
}
static-binding 00:10:74:c7:85:f6 {
fixed-address {
192.168.1.60;
}
router {
192.168.1.1;
}
}
static-binding 96:9b:f5:5d:ce:2e {
fixed-address {
192.168.1.100;
}
router {
192.168.1.1;
}
}
/* Hand settings negotiated on the PPPoE session (pp0.0) to DHCP clients. */
propagate-ppp-settings pp0.0;
}
}
/* Local logging only: critical and above to "messages", authorization at
   info. No remote syslog host is configured here, so logs stay on the box
   and are lost with it. */
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
/* License autoupdate; the url value appears split over two lines here,
   presumably wrapped by the paste. */
license {
autoupdate {
url
https://ae1.juniper.net/junos/key_retrieval; }
}
/* NOTE(review): the public NTP pool hostname is us.pool.ntp.org;
   "us.ntp.pool.org" looks like a transposition - confirm it resolves. */
ntp {
server us.ntp.pool.org;
}
}
/* Flow settings, screens, NAT, policies and zones. Zones in use:
   Internal (ge-0/0/1.0, LAN), Internet (pp0.0 over ge-0/0/0.0) and
   sdwan-china (ge-0/0/2.0). */
security {
/* Clamp TCP MSS on every flow; presumably sized for the PPPoE overhead on
   pp0.0 - confirm. */
flow {
tcp-mss {
all-tcp {
mss 1310;
}
}
}
/* NOTE(review): this screen profile is never applied - no security-zone
   below carries "screen untrust-screen" - so it has no effect on the
   Internet-facing interfaces as written. */
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
/* NOTE(review): SD-WAN-POOL is not referenced by any source-nat rule in
   this config, and its range includes 192.168.199.1 (the ge-0/0/2.0 / irb.2
   address) and 192.168.199.255. */
pool SD-WAN-POOL {
address {
192.168.199.1/32 to 192.168.199.255/32;
}
port {
no-translation;
}
}
/* LAN -> Internet: hide all sources behind the egress interface address. */
rule-set nsw_srcnat {
from zone Internal;
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
/* LAN -> SD-WAN segment, also interface NAT. Rules are evaluated in order:
   SDWAN-RULE matches 0.0.0.0/0 -> 0.0.0.0/0, so internal-sdwan-traffic
   below it can never be reached. */
rule-set SDWAN-RULE {
from zone Internal;
to zone sdwan-china;
rule SDWAN-RULE {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
/* Unreachable (shadowed by SDWAN-RULE above); same action anyway. */
rule internal-sdwan-traffic {
description internal-sdwan-traffic;
match {
source-address 192.168.0.45/32;
destination-address 192.168.199.2/32;
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
/* Forwarded host on the SD-WAN segment (zone sdwan-china). */
pool port-forwarding-pool {
routing-instance {
default;
}
address 192.168.199.2/32;
}
/* NOTE(review): translated-pool maps 192.168.0.45 to 192.168.0.45, so
   dest-nat-rule-set below translates nothing. */
pool translated-pool {
address 192.168.0.45/32;
}
/* Inbound port forwarding for 16999, 17443 and 11998 to 192.168.199.2.
   NOTE(review): all three rules match destination-address 192.168.199.2, a
   private address, while traffic arriving in zone Internet is addressed to
   the pp0.0 address negotiated at PPPoE time; unless the upstream already
   delivers packets to 192.168.199.2, these rules never match - confirm the
   intended match is the public address on pp0.0. */
rule-set port-forwarding {
from zone Internet;
rule port-forwarding-rule-1 {
match {
destination-address 192.168.199.2/32;
destination-port {
16999;
}
}
then {
destination-nat {
pool {
port-forwarding-pool;
}
}
}
}
rule port-forwarding-rule-2 {
match {
destination-address 192.168.199.2/32;
destination-port {
17443;
}
}
then {
destination-nat {
pool {
port-forwarding-pool;
}
}
}
}
rule port-forwarding-rule-3 {
match {
destination-address 192.168.199.2/32;
destination-port {
11998;
}
}
then {
destination-nat {
pool {
port-forwarding-pool;
}
}
}
}
}
/* NOTE(review): translates 192.168.0.45 to itself (see translated-pool);
   harmless but does nothing. */
rule-set dest-nat-rule-set {
from zone Internal;
rule dest-nat-rule {
match {
destination-address 192.168.0.45/32;
}
then {
destination-nat {
pool {
translated-pool;
}
}
}
}
}
}
}
/* Every policy below permits any source, destination and application and
   logs nothing. NOTE(review): the two Internet-sourced contexts
   (Internet -> Internal and Internet -> sdwan-china) admit all applications
   from the untrusted side; the port forwarding above needs only three ports
   to 192.168.199.2, so scope those policies to that host and those ports and
   log them (then { permit; log { session-init; } }). */
policies {
from-zone Internal to-zone Internet {
policy All_Internal_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
/* NOTE(review): identical match to All_Internal_Internet above, so never
   reached; the name suggests it belongs in the Internet -> Internal context,
   where a policy of the same name already exists. */
policy AllowAll_Internet_Internal {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* NOTE(review): untrusted -> LAN, any/any/any permit. See note on policies. */
from-zone Internet to-zone Internal {
policy AllowAll_Internet_Internal {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* Intra-zone traffic between the subnets on ge-0/0/1.0. */
from-zone Internal to-zone Internal {
policy Internal-Access {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* SD-WAN segment -> LAN. This is the path a host on 192.168.199.0/24 uses
   toward 10.199.0.0/16, whose static route points at 192.168.0.45 in
   zone Internal (see routing-options). */
from-zone sdwan-china to-zone Internal {
policy All_sdwan-internal {
match {
source-address any;
destination-address any;
application any;
source-identity any;
}
then {
permit;
}
}
}
from-zone Internal to-zone sdwan-china {
policy All-internal-sdwan {
match {
source-address any;
destination-address any;
application any;
source-identity any;
}
then {
permit;
}
}
}
from-zone sdwan-china to-zone Internet {
policy All-sdwan-internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* NOTE(review): untrusted -> SD-WAN segment, any/any/any permit; the name
   differs from All-sdwan-internet above only by case, which invites
   confusion. See note on policies. */
from-zone Internet to-zone sdwan-china {
policy all-sdwan-internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
/* LAN zone. NOTE(review): telnet and http are accepted on the LAN
   interface; ssh and https already cover management. */
security-zone Internal {
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
dhcp;
http;
https;
ssh;
telnet;
}
}
}
}
}
/* Untrusted zone: no host-inbound-traffic (good), but no screen either
   (untrust-screen above is unused). */
security-zone Internet {
interfaces {
pp0.0;
ge-0/0/0.0;
}
}
/* NOTE(review): system-services all / protocols all at both zone and
   interface level exposes every management service (including telnet and
   http) and every routing protocol to the SD-WAN segment; the
   interface-level repeat adds nothing. Restrict to what the device needs -
   dhcp and ping at least, since a pool for 192.168.199.0/24 is served here. */
security-zone sdwan-china {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
/* NOTE(review): empty leftover zone - no interfaces, no policies. */
security-zone untrust;
}
}
/* Physical and logical interfaces. ge-0/0/0 carries the PPPoE session
   (pp0.0), ge-0/0/1 the LAN, ge-0/0/2 the SD-WAN segment. */
interfaces {
/* WAN port; only provides the underlying link for pp0.0. */
ge-0/0/0 {
unit 0 {
encapsulation ppp-over-ether;
}
}
/* LAN port. NOTE(review): 192.168.1.1/23 is also configured on irb.0 below
   (and 192.168.199.1/24 on both ge-0/0/2.0 and irb.2); the same address on
   two L3 interfaces in one routing instance is at best ambiguous for ARP,
   DHCP and interface NAT - keep each address on either the physical unit or
   the IRB, not both. */
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.8.1/24;
address 192.168.1.1/23;
}
}
}
/* SD-WAN port; also the DHCP server address for pool 192.168.199.0/24. */
ge-0/0/2 {
unit 0 {
family inet {
address 192.168.199.1/24;
}
}
}
/* Routed VLAN interfaces (see vlans); irb.0 and irb.2 duplicate the
   ge-0/0/1.0 and ge-0/0/2.0 addresses above. */
irb {
unit 0 {
family inet {
address 192.168.1.1/23;
}
}
unit 1 {
family inet {
address 192.168.2.1/24;
}
}
unit 2 {
family inet {
address 192.168.199.1/24;
}
}
}
/* PPPoE session toward the ISP; address is negotiated, not static. */
pp0 {
unit 0 {
apply-macro Startup_Connection;
ppp-options {
chap {
default-chap-secret "######################";
local-name ######################;
passive;
}
/* NOTE(review): "$9$" values are a reversible encoding, not a hash, and
   this one has been published; treat the PPPoE credential as disclosed and
   have it changed with the ISP. */
pap {
local-name 9######################;
local-password "$9$JgGqm369AuO/9Lx7dsY36/9O1evWXNdSybs2gJZtu0Iyl8X7-wYKv";
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
}
family inet {
negotiate-address;
}
}
}
}
/* Static routing only. Default route out the PPPoE session; all remote
   prefixes are reached via 192.168.0.45, a host in the Internal zone on the
   192.168.0.0/23 LAN. */
routing-options {
static {
route 0.0.0.0/0 {
qualified-next-hop pp0.0 {
metric 1;
}
}
/* NOTE(review): 10.199.0.0/16 (the 10.199.0.7 target) is routed to
   192.168.0.45 in zone Internal, not toward ge-0/0/2.0; a host on the SD-WAN
   segment reaches it only through policy All_sdwan-internal and only if
   192.168.0.45 has a return route to 192.168.199.0/24 - that host's routing
   cannot be confirmed from this config. */
route 10.199.0.0/16 next-hop 192.168.0.45;
route 192.168.11.0/24 next-hop 192.168.0.45;
route 192.168.12.0/24 next-hop 192.168.0.45;
route 172.17.13.0/24 next-hop 192.168.0.45;
route 172.16.14.0/24 next-hop 192.168.0.45;
route 192.168.100.0/22 next-hop 192.168.0.45;
route 172.25.0.0/22 next-hop 192.168.0.45;
route 10.19.0.0/16 next-hop 192.168.0.45;
}
}
/* Layer-2 switching mode, required for the vlans / irb units below. */
protocols {
l2-learning {
global-mode switching;
}
}
/* VLAN to IRB mapping. NOTE(review): no interface in this config is a
   member of these VLANs (no family ethernet-switching units are visible),
   so irb.0 / irb.1 / irb.2 may have nothing attached - confirm on the device.
   irb.0 and irb.2 also duplicate the ge-0/0/1.0 and ge-0/0/2.0 addresses. */
vlans {
VLAN199 {
description sepco-sdwan;
vlan-id 199;
l3-interface irb.2;
}
VLAN2 {
description sepco-data;
vlan-id 2;
l3-interface irb.0;
}
VLAN3 {
description sepco-voice;
vlan-id 3;
l3-interface irb.1;
}
}