I've been configuring an SRX-300 for the past couple of weeks - first time setting one up from scratch.
We have a /29 from Comcast and currently use two of the addresses in production.
Our internal network is 192.168.44.0/24 with the gateway address of 192.168.44.2 (I inherited this).
I configured ge-0/0/4 with the same internal IP as our current functioning router.
Ports are configured as follows.
ge-0/0/0 - x.x.x.145/29 <-- one of the unused /29 addresses
ge-0/0/1 - 192.168.1.0/24 <-- test machine connected to this port
ge-0/0/2 - 192.168.2.0/24 - unused
ge-0/0/3 - 192.168.3.0/24 - unused
ge-0/0/4 - 192.168.44.2/24 <-- this is our actual internal network
ge-0/0/5 - 192.168.5.0/24 - unused
ge-0/0/0 is untrust
ge-0/0/1-5 are in trust
Testing setup
ge-0/0/0 = x.x.x.145/29 (the unused /29 address)
ge-0/0/1 = 192.168.1.0/24 - test computer connected to this port directly
ge-0/0/4 = 192.168.44.2/24 - configured with the same address as our current router. I had a computer connected to this port directly (isolated from the existing network).
All of my testing worked fine.
Steps to install.
- Disconnected the current router.
- Attached ge-0/0/4 to our current network. (configured with the same internal address as the existing router)
- Added x.x.x.148 to ge-0/0/0 (x.x.x.148 is the production IP address assigned to our current router)
- (The original testing address of x.x.x.145 was not removed from ge-0/0/0.)
- Attached ge-0/0/0 to the modem
Everything broke.
The 192.168.44.0 network could not communicate with the outside world.
The 192.168.1.0 network could not communicate with the outside world.
I could not ping an external IP address from either of the networks.
I could not ping an external IP address from the Juniper.
I've compared the two configurations and the only changes made are:
Original Working
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address x.x.x.145/29;
            }
        }
    }
}
Broken
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address x.x.x.148/32;
                address x.x.x.145/32;
            }
        }
    }
}
The routing options were not changed but I've included them here:
routing-options {
    static {
        route 0.0.0.0/0 next-hop x.x.x.150; <-- gateway provided by ISP
    }
}
My suspicion is I changed the subnet masks from /29 to /32 on ge-0/0/0 but am not entirely sure. Obviously I would like to figure this out before I try again.
I have attached a copy of the broken configuration with the IP addresses suitably generified (changed the first three octets).
Thanks
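
Added example, not part of the original post: a static route's next hop has to sit inside a subnet that is directly connected on some interface, and this check runs that test against the two ge-0/0/0 variants shown above. The 203.0.113.x addresses are constructed stand-ins for the redacted x.x.x prefix, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: 203.0.113.144/29 (documentation range) stands in
# for the post's redacted /29; the last octets match the ones in the post.
WORKING = {"ge-0/0/0": ["203.0.113.145/29"], "ge-0/0/4": ["192.168.44.2/24"]}
BROKEN = {"ge-0/0/0": ["203.0.113.148/32", "203.0.113.145/32"],
          "ge-0/0/4": ["192.168.44.2/24"]}
STATIC_ROUTES = {"0.0.0.0/0": "203.0.113.150"}


def connected_subnets(interfaces):
    """Map each directly connected subnet to the interface that owns it."""
    subnets = {}
    for ifname, addrs in interfaces.items():
        for addr in addrs:
            # ip_interface keeps the host address and derives its network,
            # so .145/29 yields 203.0.113.144/29 and .145/32 yields a host route.
            subnets[ipaddress.ip_interface(addr).network] = ifname
    return subnets


def resolve_next_hop(next_hop, interfaces):
    """Return the interface whose connected subnet contains next_hop, else None."""
    hop = ipaddress.ip_address(next_hop)
    for net, ifname in connected_subnets(interfaces).items():
        if hop in net:
            return ifname
    return None


def unresolved_routes(interfaces, static_routes):
    """List static routes whose next hop is not on any connected subnet."""
    return [(prefix, hop) for prefix, hop in static_routes.items()
            if resolve_next_hop(hop, interfaces) is None]


if __name__ == "__main__":
    for name, cfg in (("working", WORKING), ("broken", BROKEN)):
        print(name, unresolved_routes(cfg, STATIC_ROUTES) or "all next hops on-link")
```

On the device itself, `show route 0.0.0.0/0` shows whether the default route is currently active.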