Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[vSRX] Configuring a public IP address on vSRX hosted on Azure Cloud

0

0

Article ID: KB33085 KB Last Updated: 04 Sep 2018Version: 1.0
Summary:

This article walks you through the procedure to configure a public IP address on any given interface of a vSRX instance that is running on Azure Cloud.

 

Solution:

A public IP address must be configured on the respective interfaces of the vSRX instance when there is a need to manage the instance over the Internet and also to have a VPN to the instance from a remote gateway.

Note: This article assumes that a vSRX instance has already been created on Azure Cloud with the necessary interfaces. For more information, see vSRX Deployment Guide for Microsoft Azure Cloud.

The procedure is carried out in two stages:

Configuration on the Azure Portal

  1. From the portal https://portal.azure.com, browse to your virtual machine instance.

  2. Go to virtual machine > Networking.

  1. Go the interface on which the public IP address configuration is required and click the interface name (highlighted in red above).

  2. Go to the "IP configurations" option in the menu on the left and click Add:

  1. The following screen appears:

  1. Give any name to the adapter, such as ipconfig2, and choose to enable the public IP address. The following screen appears on the right:

  1. If a public IP address exists, it can be used; else create a new one:

  1. After all the options are selected, click OK. The public IP address will now show up on the interface main page (this will take some time):

  1. Go back to the Network Security Group (NSG) of this interface and add rules to permit access as per requirement:

 

Configuration required on vSRX

  1. Now, log in to the vSRX by using SSH/Telnet.

  2. Configure the respective interface for the private IP address. For example, in the above screenshots, when the public IP was address being created, the IP address was actually a public/private pair: 51.144.229.68/10.0.1.7.

Note: This interface must be configured in a new or separate routing instance. The reason is that Azure pushes a default route on the vSRX via the FXP interface in the default routing instance. If access is required on the new public IP address, another default route via this revenue interface will be needed, which must be in a different routing instance.

Sample configuration:

 
set interfaces ge-0/0/0 unit 0 family inet address 10.0.1.7/24
set routing-instances new_instance instance-type virtual-router
set routing-instances new_instance interface ge-0/0/0.0
set routing-instances new_instance routing-options static route 0.0.0.0/0 next-hop 10.0.1.1 
 

Note: For any subnet, Azure will be reserving the first three host IP addresses. Also, for any route configuration on the vSRX, you need to use the first host in the subnet as the next-hop, like 10.0.1.1 in this case.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search