[j-nsp] /31 support on SRX tunnel interfaces
Hugo Slabbert
hugo at slabnet.com
Wed Aug 9 17:43:18 EDT 2017
>Is there any reason a /31 address would not work on a SRX tunnel interface
>(i.e. st0.1)
Shouldn't be; I've done /31s and /127s on GRE and st interfaces without
issues on various SRXs.
>The VPN is up, ping is allowed and both sides show outbound traffic but
>neither sides shows any inbound traffic.
Are the st interfaces in a security zone? Are you pinging _to_ the remote
SRX or _through_ it? If the former, do you have host-inbound-traffic
configured to permit it? If the latter, do you have security policies
configured to permit the traffic?
--
Hugo Slabbert | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E | also on Signal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20170809/63fa2db9/attachment.sig>
More information about the juniper-nsp
mailing list