Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - Juniper SRX: Difference between revisions

Added IPv6
(Changed to next-hop)
(Added IPv6)
|}
 
== IPv4Dual-onlystack Example Config ==
 
* Statically configured IPv4 and IPv6 for a single AAISP line
* Trust VLAN on Ethernet Port 0-6
* PPPoE configured on Ethernet Port 7
 
<source>
## Last changed: 2015-03-29 17:42:36 BST
version 12.1X46-D30.2;
system {
host-name dsl-router;
url https://ae1.juniper.net/junos/key_retrieval;
}
stp;}
ntp {
server 90.155.53.94;
server 90.155.53.93;
}
}
}
}
pp0lo0 {
traceoptionsunit 0 {
flagfamily all;inet6 {
address 2001:8b0:XXXX::1/128;
}
}
}
pp0 {
unit 0 {
description AAISP;
mtu 1492;
negotiate-address;
}
family inet6 {
mtu 1492;
}
}
family inet {
address 192.168.1.1/24;
}
family inet6 {
address 2001:8b0:XXXX:3::1/64;
}
}
}
routing-options {
rib inet6.0 {
static {
route 0.0.0.0/0 next-hop pp0.0;static {
} route 0::0/0 next-hop pp0.0;
}
}
static {
route 0.0.0.0/0 next-hop pp0.0;
}
}
protocols {
router-advertisement {
stp;
interface vlan.3 {
prefix 2001:8b0:XXXX:3::/64;
}
}
}
security {
forwarding-options {
family {
inet6 {
mode flow-based;
}
}
}
screen {
ids-option untrust-screen {
}
}
}
from-zone untrust to-zone trust {
policy ping6-to-trust {
match {
source-address any-ipv6;
destination-address any-ipv6;
application junos-pingv6;
}
then {
permit;
}
}
policy reject-untrust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
reject;
}
}
}
default-policy {
deny-all;
}
}
interfaces {
vlan.3;
lo0.0;
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
static { ping;
}
}
interfaces {
pp0.0;
57

edits