Juniper SSG5 and Heartbeat Tunnel
Shadow Hawkins on Thursday, 10 December 2015 13:39:46
Hi there,
I'm trying to set up a tunnel using my SSG5.
The firewall is stated behind a NAT'ing device, but the public IP is static. I don't have any NAT rules for incoming traffic.
ethernet0/0 is my 'external' interface. The tunnel won't come up and stays 'ready'. With aiccu it seems to work. The firewall policy on my SSG5 is any/any/allow
set interface "ethernet0/0" zone "Untrust"
set interface "tunnel.6" zone "Untrust"
set interface ethernet0/0 ip 10.65.239.1/16
set interface "ethernet0/0" ipv6 mode "host"
set interface "ethernet0/0" ipv6 ip 2001:xxxx:xxxx:1xxx::2/64
set interface "ethernet0/0" ipv6 enable
set interface ethernet0/0 route
set interface tunnel.6 ip unnumbered interface ethernet0/0
set interface "tunnel.6" ipv6 mode "host"
set interface "tunnel.6" ipv6 enable
set interface tunnel.6 tunnel encap ip6in4 manual
set interface tunnel.6 tunnel local-if ethernet0/0 dst-ip 78.35.24.124
set interface tunnel.6 mtu 1280
Any ideas?
Shadow Hawkins on Thursday, 10 December 2015 13:43:20
Edit: Firmware is 6.2.0r5.0
Jeroen Massar on Thursday, 10 December 2015 14:00:49
> I'm trying to set up a tunnel using my SSG5.
As the subject states 'heartbeat tunnel', you will need to run a heartbeat client somewhere.
> The firewall is stated behind a NAT'ing device, but the public IP is static.
If you have a static IP you do not need heartbeat.
As you have a NAT, you would have to either terminate the tunnel on the NAT or tell the NAT to forward proto-41 packets to the appropriate device.
> I don't have any NAT rules for incoming traffic.
Then it won't work.
> With aiccu it seems to work.
Same tunnel? The Heartbeat or did you switch it to AYIYA?
I recall the Wiki containing a section on configuring an SSG properly...
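A check for the symptom discussed in this thread, as an added example that is not part of the original posts: it labels raw IPv4 packets captured on the firewall's external interface and reports whether proto-41 from the tunnel endpoint is arriving at all. The two addresses come from the posted configuration; the UDP port numbers are the IANA registrations for AYIYA and heartbeat, the function names are hypothetical, and the sample packets are constructed.

```python
import socket
import struct
from collections import Counter

POP_IPV4 = "78.35.24.124"  # tunnel dst-ip in the posted config
FIREWALL = "10.65.239.1"   # ethernet0/0 address in the posted config
UDP_PORTS = {5072: "ayiya", 3740: "heartbeat"}  # IANA registrations, not from the thread

def classify(pkt, pop=POP_IPV4):
    """Label one raw IPv4 packet captured on the firewall's external interface."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    body = pkt[ihl:]
    if pkt[9] == 41:  # protocol 41: IPv6 carried directly in IPv4, no ports
        if not body or body[0] >> 4 != 6:
            return "proto41-not-ipv6"
        if src == pop:
            return "6in4-from-pop"
        return "6in4-to-pop" if dst == pop else "6in4-unexpected-peer"
    if pkt[9] == 17 and len(body) >= 8:  # UDP: the port-based transports
        for port in struct.unpack("!HH", body[:4]):
            if port in UDP_PORTS:
                return UDP_PORTS[port]
    return "other"

def diagnose(packets):
    """Turn a capture into the one finding that matters for this symptom."""
    seen = Counter(classify(p) for p in packets)
    if seen["6in4-unexpected-peer"]:
        return "unexpected-peer"   # proto-41 should only involve the PoP
    if seen["6in4-from-pop"]:
        return "inbound-ok"        # the NAT is handing proto-41 to the firewall
    if seen["6in4-to-pop"]:
        return "inbound-missing"   # packets leave, nothing returns
    return "no-6in4"

def ipv4(src, dst, proto, body):
    """Build a constructed sample packet (header checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + body

IPV6_STUB = bytes([0x60]) + bytes(39)  # constructed: bare 40-byte IPv6 header
OUTBOUND = ipv4(FIREWALL, POP_IPV4, 41, IPV6_STUB)
INBOUND = ipv4(POP_IPV4, FIREWALL, 41, IPV6_STUB)
AYIYA = ipv4(FIREWALL, POP_IPV4, 17, struct.pack("!HHHH", 40000, 5072, 8, 0))
```

An "inbound-missing" result points at the NAT in front of the firewall; an "unexpected-peer" result means any proto-41 forward on that NAT should be limited to the tunnel endpoint's address.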