Czesc,Bolo pisze:Witam,
Tak jak w temacie. Czy kiedykolwiek komuś to się udało?
Jeśli tak, poproszę o wskazówki.
Dziękuję
Kod: Zaznacz cały
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 7.7.7.7/24;
}
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.108.1.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.108.1.200/24;
}
}
}
st0 {
unit 0 {
multipoint;
family inet {
address 172.20.20.1/24;
}
}
}
}
Kod: Zaznacz cały
routing-options {
static {
route 0.0.0.0/0 next-hop 7.7.7.10;
}
}
Kod: Zaznacz cały
protocols {
ospf {
traceoptions {
file ospf-trace;
flag hello;
}
export export-all;
import import-all;
area 0.0.0.0 {
interface st0.0 {
interface-type p2mp;
neighbor 172.20.20.2;
}
interface lo0.0;
interface ge-0/0/1.0;
}
}
}
Kod: Zaznacz cały
policy-options {
policy-statement export-all {
term t1 {
then accept;
}
}
policy-statement import-all {
term t1 {
then accept;
}
}
Kod: Zaznacz cały
root@SRX-240# run show route protocol ospf
inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 [OSPF/150] 00:00:03, metric 0, tag 0
> to 1.1.1.210 via st0.0
1.1.1.210/32 *[OSPF/10] 00:00:03, metric 1
> to 1.1.1.210 via st0.0
7.7.7.0/24 *[OSPF/150] 00:00:03, metric 0, tag 0
> to 1.1.1.210 via st0.0
10.108.1.0/24 *[OSPF/10] 00:00:03, metric 1
> to 1.1.1.210 via st0.0
10.108.1.200/32 *[OSPF/10] 00:00:03, metric 1
> to 1.1.1.210 via st0.0
224.0.0.5/32 *[OSPF/10] 00:41:11, metric 1
MultiRecv
[edit]
root@SRX-240# run show route active-path
inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:20:49
> to 8.8.8.10 via ge-0/0/0.0
1.1.1.0/24 *[Direct/0] 00:07:34
> via st0.0
1.1.1.210/32 *[OSPF/10] 00:00:16, metric 1
> to 1.1.1.210 via st0.0
1.1.1.240/32 *[Local/0] 00:07:34
Local via st0.0
7.7.7.0/24 *[OSPF/150] 00:00:16, metric 0, tag 0
> to 1.1.1.210 via st0.0
8.8.8.0/24 *[Direct/0] 00:40:39
> via ge-0/0/0.0
8.8.8.8/32 *[Local/0] 00:40:44
Local via ge-0/0/0.0
10.108.1.0/24 *[OSPF/10] 00:00:16, metric 1
> to 1.1.1.210 via st0.0
10.108.1.200/32 *[OSPF/10] 00:00:16, metric 1
> to 1.1.1.210 via st0.0
10.132.1.0/24 *[Direct/0] 00:41:23
> via lo0.0
10.132.1.1/32 *[Local/0] 00:40:44
Reject
10.132.1.200/32 *[Local/0] 00:41:23
Local via lo0.0
172.1.1.0/24 *[Direct/0] 00:40:40
> via fe-0/0/7.0
172.1.1.1/32 *[Local/0] 00:40:44
Local via fe-0/0/7.0
224.0.0.5/32 *[OSPF/10] 00:41:24, metric 1
MultiRecv
[edit]
Kod: Zaznacz cały
root@SRX-240# run show ospf database
OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 10.108.1.200 10.108.1.200 0x8000001e 65 0x22 0x59c6 84
Router *10.132.1.200 10.132.1.200 0x80000032 24 0x22 0x93bf 60
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern 0.0.0.0 10.108.1.200 0x80000001 535 0x22 0x87ea 36
Extern *0.0.0.0 10.132.1.200 0x80000001 1346 0x22 0xc693 36
Extern 7.7.7.0 10.108.1.200 0x80000001 535 0x22 0x8ad2 36
Extern *8.8.8.0 10.132.1.200 0x80000002 96 0x22 0xa39d 36
Extern 10.108.1.200 10.108.1.200 0x80000001 535 0x22 0xd25 36
Extern *10.132.1.200 10.132.1.200 0x80000002 1595 0x22 0x29d7 36
Extern *172.1.1.0 10.132.1.200 0x80000002 649 0x22 0xe8c1 36
Kod: Zaznacz cały
root@SRX-240# run show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.0 Down 0.0.0.0 0.0.0.0 0.0.0.0 0
lo0.0 DR 0.0.0.0 10.132.1.200 0.0.0.0 0
st0.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 0
Jak wyglądają polityki Zone ??Bolo pisze:jakies pomysły?
Dodanie interfejsu st0.x do odpowiedniego Zone:[edit security ipsec]
vpn NAZWA-VPN {
bind-interface st0.x; }
[edit security zones security-zone NAZWA]
interfaces {
ge-1/0/0.0;
st0.x; }