[j-nsp] I've got some bone head problem on an srx...but I don't see it.

Morgan McLean wrx230 at gmail.com
Tue Jun 11 21:29:08 EDT 2013


I have an SRX cluster at an office with a single connection to the web at
the moment. It has a couple ipsec connections out to our datacenters, and a
couple local subnets hanging on RETH interfaces.

For the life of me, I can't figure out why I'm unable to ping out from this
system. Even if I try to ping the point to point between us and Verizon, a
direct route, it won't work unless I specify the source address as our
local interface address.

Outbound NAT from clients behind the SRX works fine. The loopback is in
trust, and I have a couple zones + trust with a source NAT rule using the
Verizon interface IP as the egress point. Destination NAT rules work.

So everything seems to work...except from the SRX. As a result, we cannot
ping the SRX remotely...but again IPSEC works.

Any great tips? None of our other SRXs behave like this...and it's driving
me nuts!


-- 
Thanks,
Morgan

