Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Cannot manage (Telnet, SSH, WebUI, SSL, HTTP, HTTPS, SNMP) my firewall running NSRP

0

0

Article ID: KB11363 KB Last Updated: 23 Aug 2010Version: 8.0
Summary:
Resolution Path for troubleshooting why the devices of an NSRP cluster cannot be managed.
Symptoms:
Symptoms & Errors:
  • Can't manage device in an NSRP cluster from a remote client
  • Can't manage the backup firewall
  • Can't Telnet, SSH, HTTP (WebUI), HTTPS, SNMP to firewall running NSRP from a client on the network.
  • When I telnet using the firewall IP, I get the master. How can I telnet to the backup firewall?

Solution:
Use the steps below to troubleshoot why the devices of an NSRP cluster cannot be managed. To view the flowchart for these steps, select:  KB11363 Flowchart
 

step1  Did you receive a firewall login prompt, but can't log in?

  • Yes - Consult: KB11380 to troubleshoot authentication issue.
  • No OR Can log in, but wanted the other NSRP device in the cluster  - Continue with Step 2

Step2  Is the firewall a NS-500 or NS-5000 device, and if so, are you attempting to manage the firewall thru the physical MGT port of the firewall?

  • Yes - Jump to Step 7
  • No  - Continue with Step 3

Step3  Is the firewall in NAT/Route or Transparent mode? From the console, use the CLI command 'get system' to check the mode.

Step4  Which device in the NSRP cluster cannot be managed?

  • Master - Jump to Step 7
  • Backup  - Continue with Step 5

Step5  Does the Backup firewall have a 'Manage IP' address configured AND are you using that IP address to manage it? To check the 'Manage ip' address, issue the command get int <int_name>.

note: The Backup firewall 'Manage IP' address should be different than the Master firewall 'Manage IP' address.

Step6   From the Client device, can you ping the Backup firewall's 'Manage IP' address?

Step7  From the client device, can you ping the Master firewall using the same IP address that you used when attempting to manage it?

  • Yes - Continue with Step 8
  • No  - Confirm the IP address and the PING service is enabled on the interface you are trying to manage. If it is set correctly, troubleshoot the routing or network issue. Use the CLI command get route ip <client_ip_address> to confirm the route to the client.

Step8  On the console of the firewall that cannot be managed, is the service application (ie Telnet, SSH, SNMP, HTTP, HTTPS) enabled on the interface?

  • Yes - Continue with Step 9
  • No  - Enable the service on the interface. For assistance, consult KB11369.

Step9  If using HTTP, HTTPS, Telnet, or SSH, are you using the correct admin port? On the firewall console, use the CLI command get admin to view the port numbers configured .

  • Yes or Not Applicable - Continue with Step 10
  • No  - Try again using the correct port number. For assistance, consult KB11376.

Step10  If 'Permitted IP Addresses' are configured, is the network or address of the client device listed? Some environments restrict admin access to a limited set of IP networks and addresses. For additional information, consult KB3905.

Step11  Are you using SNMP to manage the firewall?

Step12  Are you managing the firewall through a VPN?

Step13  If you received a specific error, search the KB for that error string. Otherwise, collect data and open a case by either logging into the Case Management tool via the Juniper support site at: Case Management and click on  "Create a Case" or by calling in to Juniper Networks Technical Assistance Center at 888-314-JTAC (5822) (408-745-9500 for domestic or international)

 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search