Hi, I have a question. I'm starting to work with Juniper and I'm having trouble with an SSH connection to a device. I am using two vSRX instances running on GNS3 and have created the network Host -> Switch -> Firewall. I changed the operating mode of the device with `set security forwarding-options family mpls mode packet-based` and rebooted it. Both devices respond to ping from the host; however, from the host I can only connect via SSH to the SRX acting as the firewall. The connection to the SRX acting as the switch stops after 60 seconds (connection timed out).
SRX:
# System stanza of the vSRX used as the "switch".
# NOTE(review): as pasted, the closing braces for "services" and "system" are
# missing before the "security" stanza that follows; presumably lost in the
# paste. Confirm against the device.
system {
host-name switch;
root-authentication {
# SHA-512 crypt ($6$) hash of the root password. Once posted it is open to
# offline guessing, so redact it before sharing a config and set a new
# root password on the device.
encrypted-password "$6$zQ6HVWdo$rc4o.XcCI9c2sk4l/7dpCE7ylN1cZu5u4JqnWn08VAjYVFc.s7lUcc5642DTuZvvJPW9hBpabQM/Oox/ZVEjO."; ## SECRET-DATA
}
services {
# SSH is enabled with no options. No "login" users are shown for this device,
# so root is the only account visible here. Whether root may log in over SSH
# without an explicit root-login statement depends on the release default.
# TODO confirm.
ssh;
# NETCONF over SSH on TCP 830, in RFC-compliant mode.
netconf {
ssh {
port 830;
}
rfc-compliant;
}
# Security stanza of the "switch": the only statement is the packet-based
# forwarding mode the post describes setting before the reboot.
# No zones, policies or host-inbound-traffic are shown for this device, and
# irb.99 is not assigned to any zone in the pasted config.
# NOTE(review): confirm the mode actually in effect after the reboot with
# "show security flow status". If the box is still flow-based, traffic to
# irb.99 would need a zone with host-inbound-traffic permitting ssh.
security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
}
# Interfaces of the "switch": one trunk port, one access port, and the IRB
# that carries the device's own IP address.
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
# "99" and "admin" name the same VLAN, since the vlans stanza defines admin
# with vlan-id 99. Likewise "20" and "pracownicy". The list therefore
# carries two VLANs, each written twice.
members [ 20 99 admin pracownicy ];
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
# Untagged access port in the admin VLAN (vlan-id 99).
interface-mode access;
vlan {
members admin;
}
}
}
}
irb {
unit 99 {
family inet {
# Address that SSH sessions to this device target. It is in the same /8 as
# 12.0.0.1 on the FireWall's ge-0/0/0.99.
# 12.0.0.0/8 is public address space, not RFC 1918; acceptable only while
# the lab stays isolated.
address 12.0.0.3/8;
}
}
}
}
# VLAN definitions of the "switch".
vlans {
admin {
vlan-id 99;
# Binds irb.99 as the layer-3 interface of this VLAN. This is the only VLAN
# with an L3 interface in the pasted config.
l3-interface irb.99;
}
# Layer-2 only: no l3-interface is configured for VLAN 20.
pracownicy {
vlan-id 20;
}
}
# System stanza of the vSRX used as the firewall.
system {
host-name FireWall;
root-authentication {
# SHA-512 crypt ($6$) hash of the root password. Once posted it is open to
# offline guessing, so redact it before sharing a config and set a new
# root password on the device.
encrypted-password "$6$puKcsYUz$qLj.sIrT/vSWiUUWOifsjmhGqPtQNrX4RlBhGjpYfbusAGs5mGI5xVX2gF/FElPcBw8Y9jYIeo/bRwQ6Kiue5/"; ## SECRET-DATA
}
login {
user PyNet {
uid 2001;
# super-user grants all permissions, so this account can administer the
# device without using root.
class super-user;
authentication {
# The same exposure applies to this hash: redact it when posting and rotate
# the password. Key-based authentication for this account would avoid
# storing a password hash at all.
encrypted-password "$6$peYctrmQ$souUfll57mw8IeWoMepzC5mmXMv07poeE8lxLTIrmtF/nB4VFordbead1A3yZ1zdKUWWt9.S/omxgP1grG3RE."; ## SECRET-DATA
}
}
}
services {
ssh {
# Root may authenticate directly over SSH. Since PyNet already has
# super-user rights, "root-login deny" (or "deny-password") would narrow
# the exposure without losing remote administration.
root-login allow;
}
# NETCONF over SSH on TCP 830, in RFC-compliant mode. The untrust zone
# below accepts all system-services, which would include this one.
netconf {
ssh {
port 830;
}
rfc-compliant;
}
}
}
# Security stanza of the firewall: one intra-zone policy and one zone
# holding both interfaces.
security {
policies {
# The policy is named "trust-to-trust" but sits under untrust -> untrust.
# It permits any source, destination and application, so all transit
# traffic between the two interfaces is allowed. No "then log" action is
# configured, so permitted sessions are not logged by this policy.
from-zone untrust to-zone untrust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone untrust {
# Accepts every system service and every protocol addressed to the device
# itself on the interfaces listed below. Listing only what is needed
# (e.g. ssh, netconf, ping) would reduce the management-plane exposure.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
# Both data interfaces are in the same zone, so only the intra-zone
# policy above governs traffic between them.
interfaces {
ge-0/0/1.0;
ge-0/0/0.99;
}
}
}
}
# Interfaces of the firewall: a tagged sub-interface on ge-0/0/0 and a plain
# routed port on ge-0/0/1.
interfaces {
ge-0/0/0 {
vlan-tagging;
# Sub-interface for 802.1Q tag 99. This matches the admin VLAN (vlan-id 99)
# in the "switch" config. Presumably this port faces the switch trunk;
# verify against the GNS3 topology.
unit 99 {
vlan-id 99;
family inet {
# Same /8 as 12.0.0.3 on the switch's irb.99.
address 12.0.0.1/8;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.1.1/8;
}
}
}
}
# VLAN definition on the firewall.
# NOTE(review): nothing in the pasted config refers to "vlan-trust" by name.
# ge-0/0/0 unit 99 sets vlan-id 99 directly, so this stanza appears unused.
# Confirm before removing.
vlans {
vlan-trust {
vlan-id 99;
}
}
------------------------------
Mariusz Daroch
------------------------------