Author Archives: pankajsheoran

Packet capture on SRX for pass through traffic

Specify the file name and size of the file:

set forwarding-options packet-capture file filename pcap_on_srx
set forwarding-options packet-capture maximum-capture-size 150

Specify the source and destination which you want to capture:

set firewall filter PCAP term 1 from source-address 192.168.1.1/32
set …

Posted in Juniper SRX

Route based VPN on SRX

Create Tunnel interface:

set security zones security-zone external interfaces st0.1
set routing-options static route 172.16.1.1/32 next-hop st0.1
set security ike proposal phase1-proposal-route-based authentication-method pre-shared-keys
set security ike proposal phase1-proposal-route-based dh-group group2
set security ike proposal phase1-proposal-route-based encryption-algorithm 3des-cbc
set security …

Posted in Juniper SRX

NAT in SRX

Following is the topology:

Source NAT:

set security nat source pool source-nat-pool address 10.2.2.3/32
set security nat source rule-set source-nat-rule-set from zone internal
set security nat source rule-set source-nat-rule-set to zone external
set security nat source rule-set source-nat-rule-set rule rule-1 …

Posted in Juniper SRX

IPSec between ASA and SRX Policy based

Following is the topology: 12.12.12.0/24 is behind ASA and 192.168.4.0/24 is behind SRX.

SRX configuration:

set security ike proposal phase-1-proposal authentication-method pre-shared-keys
set security ike proposal phase-1-proposal dh-group group2
set security ike proposal phase-1-proposal authentication-algorithm md5
set security ike proposal …

Posted in ASA, Juniper SRX

Configure IPSec (IKEv1) on ASA 9.x

Configure phase 1 policy:

crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

Enable phase 1 on interface:

crypto ikev1 enable outside

Specify the preshared key:

tunnel-group 192.168.3.2 type ipsec-l2l
tunnel-group 192.168.3.2 ipsec-attributes
 ikev1 pre-shared-key …

Posted in ASA

Cluster status is disabled SRX

On an SRX, if the cluster status shows as disabled, it has to be resolved by a reboot.

{disabled:node1}
SRX> show chassis cluster status
Cluster ID: 1
Node                  Priority          Status    Preempt  Manual failover
Redundancy group: 0 , Failover count: …

Posted in Juniper SRX

Bypass SSL inspection in Zscaler

Posted in Uncategorized