This post is an example of configuring an IPsec tunnel with F5 BIG-IP. In the diagram below the IPsec tunnel is configured between SRX210 (Junos 12.1X47-D20.7) and F5 BIG-IP (11.6.0 HF5-ENG11). F5 BIG-IP is connected here in a one-arm setup. The SRX240 is not “an interesting device” in this demonstration. It is just a firewall and […]
SoftEther VPN with a VPN Address Pool
For replacing a physical remote access VPN implementation with a VPN server in a virtual machine, one of the options is SoftEther. There is a lot of documentation on the site but somehow I felt the material was hard to absorb. In this post I describe the reference implementation I managed to complete with SoftEther. […]
Juniper SRX IPsec LAN-to-LAN VPN Part 2
This is part 2 of my Juniper SRX IPsec LAN-to-LAN VPN posts. In part 1 we had a simple LAN-to-LAN VPN with only one subnet in each site. In this post we have two subnets in Their Site to illustrate the VPN configuration options. Here is the topology for this post. Their Site is […]
Juniper SRX IPsec LAN-to-LAN VPN Part 1
In this post I will show two flavours of configuring a LAN-to-LAN IPsec VPN tunnel with Juniper SRX: policy-based and route-based. I have been under the impression that those ways are mutually exclusive so that only one way is valid for a given endpoint in the opposite side. How wrong have I been. Here is the […]
Juniper SRX Traffic Processing
Some pointers to documentation on juniper.net that describe the traffic processing in the Juniper SRX platform: Juniper Networks Devices Processing Overview (Junos 12.1X47); Flow-Based Processing Feature Guide for Security Devices (Junos 12.1X47); SRX Getting Started — Troubleshooting Traffic Flows and Session Establishment (KB16110). Short version of the processing order: Per packet policer; Per packet filter; For […]
Cygwin Vim vimrc Location
Just wanted to say this: In Vim under Cygwin the user’s vimrc is not looked up as ~/.vimrc. One of the correct locations is ~/.vim/vimrc. It will be read whether you start your editor as “vi” or as “vim”. You can use a template to start with: Markku@T540p ~ $ mkdir .vim Markku@T540p ~ $ […]
Look, New Look
As you can see, I changed the blog theme. I like this Frontier theme for its clarity; it’s easy to see where everything is. Some customizations may still occur.
Setting Up a Syslog Server
In the field of networking it is very useful to have a centralized location for your logs as the system itself (the network) is distributed. Syslog is the usual method of collecting the logs. There are lots of different solutions to collect syslogs, ranging from general-purpose servers or virtual machines running some syslog daemon software […]
Juniper SRX Old and New DHCP, with Problems
At some point I tried to configure Juniper SRX100 with DHCPv6 server, with no luck. The configurations just didn’t work. I gave up at that time, but returned to the matter some days ago. I realized something in Junos DHCP configurations: people are talking about “old” and “new” ways to configure DHCP server and client […]
Cisco Nexus FEX Lineup
Cisco has had Fabric Extenders in their Nexus datacenter switch portfolio since 2009. Since there are various models and they all are still appearing in the datacenters, here is a summary of all the different FEX models. Updated on 12-Oct-2014: Added Nexus 2348TQ. Updated on 22-Apr-2015: Added Nexus 2332TQ. Nexus 2148T Nexus 2148T was the […]