[j-nsp] Juniper SRX MNHA
Aaron Gould
aaron1 at gvtc.com
Mon Aug 4 17:36:22 EDT 2025
I found the issue. Seems it was related to the default nat state, using
interface ip nat overload (pat). I'm guessing since the interface ip is
used for the translations, it didn't match the interface ip on the
backup srx. once I changed from the default nat state, to use a pool, it
worked!
srx01...
Session ID: 765924, Policy name: default-permit/5, HA State: Active,
Timeout: 1800, Session State: Valid
In: 192.168.11.5/29276 --> 246.246.246.98/22;tcp, Conn Tag: 0x0, If:
ae2.0, Pkts: 21, Bytes: 1640, HA Wing State: Active,
Out: 246.246.246.98/22 --> 123.123.123.255/1029;tcp, Conn Tag: 0x0, If:
ae1.0, Pkts: 18, Bytes: 2712, HA Wing State: Active,
Total sessions: 1
-------------------------------------------------------------------------------------------------------------------------------------------------------
srx02... (see session is now present and marked Warm.)
Session ID: 658403, Policy name: default-permit/5, HA State: Warm,
Timeout: 14404, Session State: Valid
In: 192.168.11.5/29276 --> 246.246.246.98/22;tcp, Conn Tag: 0x0, If:
ae2.0, Pkts: 0, Bytes: 0, HA Wing State: Warm,
Out: 246.246.246.98/22 --> 123.123.123.255/1029;tcp, Conn Tag: 0x0, If:
ae1.0, Pkts: 0, Bytes: 0, HA Wing State: Warm,
Total sessions: 1
-Aaron
More information about the juniper-nsp
mailing list