[j-nsp] /31 support on SRX tunnel interfaces

Hugo Slabbert hugo at slabnet.com
Wed Aug 9 17:43:18 EDT 2017

>Is there any reason a /31 address would not work on a SRX tunnel interface 
>(i.e. st0.1)

Shouldn't be; I've done /31s and /127s on GRE and st interfaces without 
issues on various SRXs.

>The VPN is up, ping is allowed and both sides show outbound traffic but 
>neither sides shows any inbound traffic.

Are the st interfaces in a security zone?  Are you pinging _to_ the remote 
SRX or _through_ it?  If the former, do you have host-inbound-traffic 
configured to permit it?  If the latter, do you have security policies 
configured to permit the traffic?

Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E   | also on Signal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20170809/63fa2db9/attachment.sig>

More information about the juniper-nsp mailing list