[j-nsp] netscreen issue

snort bsd snortbsd at yahoo.com.au
Sat Dec 31 19:53:06 EST 2005


I have a strange issue on my netscreen boxes. Besides
the two default virtual routers "untrust-vr" and
"trust-vr", I created a third virtual router
"testbed-vr" for out-of-band management access,
assigned a zone to it (bound an interface to that
zone too), and it works in the sense that I can access
the boxes remotely via ssh (I certainly can ping that
interface from remote). Of course I have a static
route for that interface.

Now here is the strange part: everything seems to be fine
except that I can't ping the next-hop gateway, or any IP
addresses, from the inside of those netscreen boxes.

Obviously it is not a routing issue, otherwise I
would not be able to access the boxes from remote
locations. The testbed-vr has its own routing table, and
netscreen has no command similar to the Juniper M-series
"ping logical-router r1 xxx.xxx.xxx.xxx". Moreover,
there is no relationship between the testbed routing table
and the two other virtual routers' routing tables, i.e., the
testbed is a stand-alone virtual router.

This issue doesn't affect the operation, but I am
perplexed by the behaviour.

Any help would be greatly appreciated.


PS: there are no policies configured except "set
policy default-permit-all"
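The setup described in the post, written out as a ScreenOS configuration fragment. This is an added example, not the poster's own configuration: the zone name "mgmt-zone", the interface "ethernet3", the addresses (192.0.2.0/24 documentation space) and the management options are assumptions chosen for illustration, and the final "ping ... from" line is an interface-sourced ping that is assumed to be available on the poster's ScreenOS release.

```screenos
# Added example, not from the original post. Names and addresses are assumptions.
# 1. Third, stand-alone virtual router for out-of-band management
set vrouter name testbed-vr

# 2. Dedicated zone, placed in that virtual router (assumed zone name)
set zone name mgmt-zone
set zone mgmt-zone vrouter testbed-vr

# 3. Bind the management interface to the zone and address it (assumed interface/IP)
set interface ethernet3 zone mgmt-zone
set interface ethernet3 ip 192.0.2.10/24
set interface ethernet3 manage ping
set interface ethernet3 manage ssh

# 4. Static route inside testbed-vr's own routing table (assumed gateway)
set vrouter testbed-vr
set route 0.0.0.0/0 interface ethernet3 gateway 192.0.2.1
exit

# Check: source the ping from the interface bound to testbed-vr rather than from
# the default (trust-vr) routing table. "from <interface>" is assumed to be
# supported on the release in use.
ping 192.0.2.1 from ethernet3
```

The point of the last line is that a plain "ping" on the box is resolved through the default virtual router, which has no relationship with testbed-vr's routing table; sourcing the ping from the interface that lives in testbed-vr makes the lookup happen in the right table.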

