[j-nsp] JunOS ES
Eugeniu Patrascu
eugeniu.patrascu at gmail.com
Wed Apr 2 09:50:06 EDT 2008
Jonathan Looney wrote:
> You need to enable the proper protocols in the host-inbound-traffic
> stanza in the security zone configuration. You can do this either at
> the security zone level or the interface level. If you don't list a
> protocol there, traffic destined to the router using that protocol
> will be dropped.
>
> Further, if the traffic will be arriving on one interface, but
> destined to a different interface (such as would be the case for
> traffic arriving on a physical interface, but bound for the loopback
> interface), you must have a security policy to allow the traffic.
>
> HTHs
>
Hi,
Thank you very much, this is what I was looking for.
Probably below there are redundant statements and surely I'm missing
something, but this is what worked for me.
$show configuration security zones
security-zone Trust {
host-inbound-traffic {
system-services {
all;
}
}
interfaces {
ge-0/0/3.0 {
host-inbound-traffic {
protocols {
all;
}
}
}
}
}
This is a router for testing and i needed to access it remotely for
trying out different configurations.
Regards,
Eugen.
> -Jon
>
> On Wed, Apr 2, 2008 at 9:11 AM, Eugeniu Patrascu
> <eugeniu.patrascu at gmail.com <mailto:eugeniu.patrascu at gmail.com>> wrote:
>
> Hello,
>
> I have an issue with JunOS ES 9.0R2.10: I can't access it remotely
> either by telnet/ssh/webmanagement. I tried creating a firewall filter
> to accept all packets, put it inbound/outbound on my ge-0/0/3
> interface.
>
> Is there a catch to the Enhanced Services that it needs special
> tweaking
> to allow remote access on the router ?
>
> I tried looking on juniper site for clues but so far I haven't found
> anything to help me out.
>
> Thanks,
>
> Eugen.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> <mailto:juniper-nsp at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
More information about the juniper-nsp
mailing list