Hi everybody!
I am really struggling to configure a Juniper SRX240 running JunOS 12.1 to route traffic. I have a whole class of public IP addresses that I need to route through the router. My parameters:
ISP ip: x.x.x.40/28
ISP gw: x.x.x.43/28
Public ip: y.y.y.0/24
Currently the router gw: y.y.y.6/24
Configuration:
version 12.1R2.9;
# System stanza: host name, time zone, credentials, management services, DHCP server, syslog.
# The poster redacted secrets and names, so some statements below are incomplete as shown.
system {
host-name ZZZ;
time-zone Europe/Helsinki;
root-authentication {
# Hash removed by the poster; the opening quote is left unterminated in the paste.
encrypted-password "
}
name-server {
y.y.y.1;
x.x.x.12;
}
login {
# User name removed by the poster.
user {
full-name "";
uid 2000;
# super-user grants full administrative rights on the device.
class super-user;
authentication {
encrypted-password "";
# NOTE(review): the next line looks like the tail of a "## SECRET-DATA" marker left over from redaction - confirm.
ET-DATA
}
}
}
services {
ssh;
# NOTE(review): telnet and xnm-clear-text both carry management logins unencrypted.
# ssh is already enabled; dropping these two removes the clear-text management paths.
telnet;
xnm-clear-text;
web-management {
# NOTE(review): plain http is bound to vlan.0 and to ge-0/0/0.0, the ISP-facing interface
# that the security stanza places in zone untrust. That zone lists no host-inbound-traffic,
# so the service is presumably not answered there today - confirm. https on the inside
# interface alone would cover web management.
http {
interface [ vlan.0 ge-0/0/0.0 ];
}
https {
# Self-signed certificate generated by the device.
system-generated-certificate;
interface [ vlan.0 ge-0/0/0.0 ];
}
}
dhcp {
# Default gateway handed to clients: the vlan.0 address.
router {
y.y.y.6;
}
pool y.y.y.0/24 {
# NOTE(review): both range bounds have five octets as pasted (y.y.y.1.7, y.y.y.1.254);
# probably a redaction slip - confirm the real range lies inside y.y.y.0/24.
address-range low y.y.y.1.7 high y.y.y.1.254;
}
# NOTE(review): ge-0/0/0.0 carries a static address in the interfaces stanza, so there may
# be no DHCP-learned settings on it to propagate - confirm.
propagate-settings ge-0/0/0.0;
}
}
syslog {
# Local log files only; no remote syslog host is configured in this stanza.
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
# Login and authorization events at info level and above go to "messages".
authorization info;
}
file interactive-commands {
# Only error-level CLI events are recorded; "interactive-commands any" would keep a
# full record of commands entered, which helps when auditing configuration changes.
interactive-commands error;
}
}
max-configurations-on-flash 5;
##
## Warning: statement ignored: unsupported platform (srx240h)
##
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
# Interface stanza: ge-0/0/0 is the routed ISP-facing port, ge-0/0/2 is a routed DHCP-client
# port, the other ge-0/0/x ports are switch ports, and "vlan" unit 0 holds the inside address.
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
# ISP-side address (the post gives the ISP gateway as x.x.x.43/28).
address x.x.x.40/28;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
# Routed port that obtains its address as a DHCP client. The security stanza lists
# ge-0/0/2.0 in zone trust.
dhcp;
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
# NOTE(review): this is the only port in VLAN "default" rather than vlan-trust, and the
# vlans stanza shown does not define "default" - confirm this is intended.
members default;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
vlan {
unit 0 {
family inet {
# Inside gateway address; vlan.0 is the l3-interface of vlan-trust in the vlans stanza.
address y.y.y.6/24;
}
}
}
}
# Static default route.
routing-options {
static {
# NOTE(review): the next hop x.x.x.40 is the address configured on this router's own
# ge-0/0/0.0, not the ISP gateway given in the post as x.x.x.43. A next hop has to be a
# neighbour on a connected subnet, and the "show interfaces terse" output in the post also
# shows the ge-0/0/0 link down, so no connected x.x.x.x/28 route exists to resolve it.
route 0.0.0.0/0 next-hop x.x.x.40;
}
}
# Spanning tree is enabled with default settings for the switch ports.
protocols {
stp;
}
# Security stanza: screen (IDS) options, source NAT, inter-zone policy and zone membership.
security {
screen {
# Screen profile applied to zone untrust further down.
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
# Matches every source address arriving from zone trust.
source-address 0.0.0.0/0;
}
then {
source-nat {
# Translates to the egress interface address.
# NOTE(review): the inside range y.y.y.0/24 is described as public space that should be
# routed; this rule would hide it behind the ge-0/0/0.0 address instead - confirm whether
# NAT is wanted at all.
interface;
}
}
}
}
}
}
policies {
# Only trust -> untrust is defined. No policy here permits sessions initiated from untrust,
# so they are left to the default policy (presumably deny - confirm) if hosts in
# y.y.y.0/24 must be reachable from outside.
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
# Permit without session logging; a "log" action (session-init / session-close) under
# "then" would leave a record of permitted flows.
permit;
}
}
}
}
zones {
security-zone trust {
# NOTE(review): "all" admits every system service and protocol to the device itself from
# this zone, including the telnet, http and xnm-clear-text services enabled under system
# services. Listing only the services actually used (for example ssh, https, dhcp, ping)
# narrows the management surface.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
# NOTE(review): ge-0/0/2.0 is a DHCP-client routed port; whatever network it attaches to is
# treated as trusted here and inherits the zone-level "all" above - confirm.
ge-0/0/2.0;
ge-0/0/3.0;
ge-0/0/4.0;
}
}
security-zone untrust {
# Screen profile attached; no host-inbound-traffic is listed for this zone.
screen untrust-screen;
interfaces {
ge-0/0/0.0;
}
}
security-zone junos-host;
}
}
# VLAN definitions: vlan-trust (ID 3) is routed through vlan.0, the y.y.y.6/24 interface.
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
From the configuration, the next hop should be OK, I believe, but when I check it with the command "run show route terse", I get:
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* y.y.y.0/24 D 0 >vlan.0
* y.y.y.6/32 L 0 Local
* x.x.x.40/32 L 0 Reject
"run show interfaces terse" gives:
Interface Admin Link Proto Local Remote
ge-0/0/0 up down
ge-0/0/0.0 up up inet x.x.x.40/28
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16
128.0.0.6 --> 0/0
ge-0/0/1 up up
ge-0/0/1.0 up up eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up up inet
ge-0/0/3 up down
ge-0/0/3.0 up down eth-switch
My goal is to get the internet connection on interface ge-0/0/0 and to have ge-0/0/2 route traffic to the network.
I would really appreciate any help.