Is there any reason a /31 address would not work on a SRX tunnel interface (i.e. st0.1)
Shouldn't be; I've done /31s and /127s on GRE and st interfaces without issues on various SRXs.
The VPN is up, ping is allowed and both sides show outbound traffic but neither sides shows any inbound traffic.
Are the st interfaces in a security zone? Are you pinging _to_ the remote SRX or _through_ it? If the former, do you have host-inbound-traffic configured to permit it? If the latter, do you have security policies configured to permit the traffic?
-- Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com pgp key: B178313E | also on Signal
signature.asc
Description: Digital signature
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp