I've gotten a couple replies off list. There is an any policy from trust to untrust, and the untrust zone does have host inbound traffic ping enabled. I think the ping not responding is a byproduct of whatever is going on, though.
Morgan

On Tue, Jun 11, 2013 at 6:29 PM, Morgan McLean <[email protected]> wrote:

> I have an SRX cluster at an office with a single connection to the web at
> the moment. It has a couple ipsec connections out to our datacenters, and a
> couple local subnets hanging on RETH interfaces.
>
> For the life of me, I can't figure out why I'm unable to ping out from
> this system. Even if I try to ping the point to point between us and
> Verizon, a direct route, it won't work unless I specify the source address
> as our local interface address.
>
> Outbound nat from clients behind the SRX works fine. The loopback is in
> trust, and I have a couple zones + trust with a source nat rule using the
> verizon interface IP as the egress point. Destination nat rules work.
>
> So everything seems to work...except from the SRX. As a result, we cannot
> ping the SRX remotely...but again IPSEC works.
>
> Any great tips? None of our other SRXs behave like this...and it's driving
> me nuts!
>
>
> --
> Thanks,
> Morgan
>

--
Thanks,
Morgan
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

