SixXS::Sunset 2017-06-06

Juniper SSG5 and Heartbeat Tunnel
[de] Shadow Hawkins on Thursday, 10 December 2015 13:39:46
Hi there, I'm trying to set up a tunnel using my SSG5. The firewall is stated behind a NAT'ing device, but the public IP is static. I don't have any NAT rules for incoming traffic. ethernet0/0 is my 'external' interface. The tunnel won't come up and stays 'ready'. With aiccu it seems to work. The firewall policy on my SSG5 is any/any/allow set interface "ethernet0/0" zone "Untrust" set interface "tunnel.6" zone "Untrust" set interface ethernet0/0 ip 10.65.239.1/16 set interface "ethernet0/0" ipv6 mode "host" set interface "ethernet0/0" ipv6 ip 2001:xxxx:xxxx:1xxx::2/64 set interface "ethernet0/0" ipv6 enable set interface ethernet0/0 route set interface tunnel.6 ip unnumbered interface ethernet0/0 set interface "tunnel.6" ipv6 mode "host" set interface "tunnel.6" ipv6 enable set interface tunnel.6 tunnel encap ip6in4 manual set interface tunnel.6 tunnel local-if ethernet0/0 dst-ip 78.35.24.124 set interface tunnel.6 mtu 1280 Any ideas?
Juniper SSG5 and Heartbeat Tunnel
[de] Shadow Hawkins on Thursday, 10 December 2015 13:43:20
Edit: Firmware is 6.2.0r5.0
Juniper SSG5 and Heartbeat Tunnel
[ch] Jeroen Massar SixXS Staff on Thursday, 10 December 2015 14:00:49
I'm trying to set up a tunnel using my SSG5.
As the subject states 'heartbeat tunnel', you will need to run a heartbeat client somewhere.
The firewall is stated behind a NAT'ing device, but the public IP is static.
If you have a static IP you do not need heartbeat. As you have a NAT, you would have to either terminate the tunnel on the NAT or tell the NAT to forward proto-41 packets to the appropriate device.
I don't have any NAT rules for incoming traffic.
Then it won't work.
With aiccu it seems to work.
Same tunnel? The Heartbeat or did you switch it to AYIYA? I recall the Wiki containing a section on configuring a SSG properly....

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker