[j-nsp] I've got some bone head problem on an srx...but I don't see it.

Morgan McLean wrx230 at gmail.com
Tue Jun 11 22:09:05 EDT 2013


I've gotten a couple replies off list. There is an any policy from trust to
untrust, and the untrust zone does have host inbound traffic ping enabled.
I think the ping not responding is a byproduct of whatever is going on,
though.

Morgan


On Tue, Jun 11, 2013 at 6:29 PM, Morgan McLean <wrx230 at gmail.com> wrote:

> I have an SRX cluster at an office with a single connection to the web at
> the moment. It has a couple ipsec connections out to our datacenters, and a
> couple local subnets hanging on RETH interfaces.
>
> For the life of me, I can't figure out why I'm unable to ping out from
> this system. Even if I try to ping the point to point between us and
> Verizon, a direct route, it won't work unless I specify the source address
> as our local interface address.
>
> Outbound nat from clients behind the SRX works fine. The loopback is in
> trust, and I have a couple zones + trust with a source nat rule using the
> verizon interface IP as the egress point. Destination nat rules work.
>
> So everything seems to work...except from the SRX. As a result, we cannot
> ping the SRX remotely...but again IPSEC works.
>
> Any great tips? None of our other SRX's behave like this...and its driving
> me nuts!
>
>
> --
> Thanks,
> Morgan
>



-- 
Thanks,
Morgan


More information about the juniper-nsp mailing list