[j-nsp] I've got some bone head problem on an srx...but I don't see it.
Morgan McLean
wrx230 at gmail.com
Tue Jun 11 22:09:05 EDT 2013
I've gotten a couple replies off list. There is an any policy from trust to
untrust, and the untrust zone does have host inbound traffic ping enabled.
I think the ping not responding is a byproduct of whatever is going on,
though.
Morgan
On Tue, Jun 11, 2013 at 6:29 PM, Morgan McLean <wrx230 at gmail.com> wrote:
> I have an SRX cluster at an office with a single connection to the web at
> the moment. It has a couple ipsec connections out to our datacenters, and a
> couple local subnets hanging on RETH interfaces.
>
> For the life of me, I can't figure out why I'm unable to ping out from
> this system. Even if I try to ping the point to point between us and
> Verizon, a direct route, it won't work unless I specify the source address
> as our local interface address.
>
> Outbound NAT from clients behind the SRX works fine. The loopback is in
> trust, and I have a couple zones + trust with a source NAT rule using the
> Verizon interface IP as the egress point. Destination NAT rules work.
>
> So everything seems to work...except from the SRX. As a result, we cannot
> ping the SRX remotely...but again IPSEC works.
>
> Any great tips? None of our other SRXs behave like this...and it's driving
> me nuts!
>
>
> --
> Thanks,
> Morgan
>
--
Thanks,
Morgan