[j-nsp] SRX and IPv6
Matthew M North
matthew.north at gmail.com
Tue Nov 30 19:47:18 EST 2010
Martin,
I am running IPv6 Tunnelbroker from Huricane Electric on my SRX 210
10.3R1.9 no issues.
The IPv6 configuration is similar to IPv4 on your SRX.
Here is some examples off my SRX, hope it helps, more/better stuff out
on google.
--
#My Inside interface, dual-stack
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.0.1/24;
}
family inet6 {
address 2001:470:5:fff::1/64;
}
}
}
#IPv6 Tunnel interface to Huricane Electric
ip-0/0/0 {
unit 0 {
tunnel {
source 98.1.2.4;
destination 209.1.2.4;
}
family inet6 {
address 2001:470:4:fff::2/64;
}
}
}
#IPv6 Default Route
routing-options {
rib inet6.0 {
static {
route ::/0 next-hop 2001:470:4:fff::1;
}
}
}
#For Zones, just add the interface under the security->zone section
like normal ipv4
#Also under security section, add in ipv6 forward, then reboot (check
out http://blog.kramse.org/blojsom/blog/default/IPv6/Juniper-SRX210-Junos-10-2-flow-based-IPv6-forwarding?smm=y)
security {
zones {
security-zone trust {
tcp-rst;
address-book {
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ssh;
ping;
}
}
}
}
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
}
}
--Matt
On Tue, Nov 30, 2010 at 2:38 PM, martin papik <papik at utia.cas.cz> wrote:
> Hi,
>
> We have SRX device.
> I need to configure 3 zones (Trust, Untrust, DMZ) and each zone will have
> one interface in inet6.
> The DMZ is for DNS IPv6 server and Untrust for Inet and Trust for LAN (ipv6
> also).
> And as second I will need maybe trunk interface for inet6.
>
> Please if you have any trivial example ??? of this conf send it.
>
> Thanks
>
> Martin
> IT staff
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list