[j-nsp] vlan-tagging issue

[Luca Salvatore]

I have an MX5 and SRX240 directly connected to each other.  I need to setup multuple VLANs between them.  My config looks like this:

MX - Ge-1/0/2


show configuration interfaces ge-1/0/2
vlan-tagging;
unit 10 {
    vlan-id 10;
    family inet {
        address 198.xxx.xxx.21/30;



SRX - Ge-0/0/0
run show configuration interfaces ge-0/0/0
unit 0 {
    family ethernet-switching {
      port-mode trunk;
      vlan {
        members BGP-Routing-10;
}


# run show configuration interfaces vlan unit 10
family inet {
   address 198.xxx.xxx.22/30;


# run show configuration vlans BGP-Routing-10
vlan-id 10;
  l3-interface vlan.10;
 I have the vlan.10 interface in the untrust zone with ping and BGP enabled:
# ...security zones security-zone untrust interfaces
vlan.10 {
     host-inbound-traffic {
        system-services {
          ping;
          ssh;
        }
        protocols {
           bgp;
With this config I have no communication between the MX and SRX.  If I change them both to a normal 'family inet' config it works fine.
Any idea what's going on here?  This should work, or am I missing something simple here