Many apologies.... Something must be missing, but as mentioned, I don't know where.... I have completed the following:
set interface lo0.20 family inet address 192.168.1.1/32
The interface is already i n the routing-instance isis and also in the routing-instance (as per the Customer-VR)
I cannot ping the interface and it is not in the routing table:
run show route 192.168.1.1
Nothing there.....
So, the only difference between the Customer-VR and the NineGroup-VR is the following:
ge-0/0/2(NineGroup-VR) -- SRX1500 -- ae2 (Customer-VR) ---> ae2 (MX240)
So, maybe there is something in the middle missing that allows connectivity between the two VRs?
Here is the config you would want to see regarding this (again, please accept my apologies):
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy CliveTest match source-address any
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy CliveTest match destination-address any
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy CliveTest match application any
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy CliveTest then permit
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy CliveTest1 match source-address any
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy CliveTest1 match destination-address any
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy CliveTest1 match application any
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy CliveTest1 then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/3.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone NineGroup-DMZ host-inbound-traffic system-services all
set security zones security-zone NineGroup-DMZ host-inbound-traffic protocols all
set security zones security-zone NineGroup-DMZ interfaces ge-0/0/2.0
set security zones security-zone Customer-Network host-inbound-traffic system-services all
set security zones security-zone Customer-Network host-inbound-traffic protocols all
set security zones security-zone Customer-Network interfaces ae2.0
set interfaces ge-0/0/2 unit 0 family inet address 195.80.0.37/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet6 address 2a05:d840:0030:ffff:ffff:ffff:0000:0001/127
set interfaces xe-0/0/16 description Group-ae2
set interfaces xe-0/0/16 gigether-options 802.3ad ae2
set interfaces xe-0/0/18 description Group-ae2
set interfaces xe-0/0/18 gigether-options 802.3ad ae2
set interfaces ae2 unit 0 description TO-THW-CORE-01-ae2
set interfaces ae2 unit 0 family inet address 195.80.0.18/30
set interfaces ae2 unit 0 family iso
set interfaces ae2 unit 0 family inet6 address 2a05:d840:002b:ffff:ffff:ffff:0000:0002/127
set interfaces lo0 unit 0 family inet address 195.80.0.3/32
set interfaces lo0 unit 0 family iso
set interfaces lo0 unit 0 family inet6 address 2a05:d840:000e:ffff:ffff:ffff:0000:0001/128
set interfaces lo0 unit 10 family iso address 49.0001.1950.0080.0004.00
set interfaces lo0 unit 20 family inet address 192.168.1.1/32
set interfaces lo0 unit 20 family iso address 49.0001.1950.0080.0014.00
set routing-options static route 172.16.16.0/24 next-hop 172.16.16.39
set protocols isis export export_statics
set protocols isis level 1 authentication-key "$9$zyOuFCuREyKWxSrxdwgUDP5QF9AuO1hyl"
set protocols isis level 1 authentication-type md5
set protocols isis level 2 authentication-key "$9$Xqsxb2ZGi.fzjHz6CuEhvWLxVw24aUik"
set protocols isis level 2 authentication-type md5
set protocols isis interface lo0.0
set policy-options policy-statement export_statics term 1 from protocol static
set policy-options policy-statement export_statics term 1 then accept
set routing-instances Customer-VR instance-type virtual-router
set routing-instances Customer-VR interface ae2.0
set routing-instances Customer-VR interface lo0.10
set routing-instances Customer-VR protocols isis level 1 authentication-key "$9$29gGiPfz6CuQFu1EyW8VwYgZUik.5z3"
set routing-instances Customer-VR protocols isis level 1 authentication-type md5
set routing-instances Customer-VR protocols isis level 2 authentication-key "$9$lOzeLNsYoGjq4aqfQnpuhSre8XNdb2oJ"
set routing-instances Customer-VR protocols isis level 2 authentication-type md5
set routing-instances Customer-VR protocols isis interface ae2.0
set routing-instances Customer-VR protocols isis interface lo0.10
set routing-instances NineGroup-VR instance-type virtual-router
set routing-instances NineGroup-VR interface ge-0/0/2.0
set routing-instances NineGroup-VR interface lo0.20
set routing-instances NineGroup-VR protocols isis level 1 authentication-key "$9$.mz6pu1hyKBIK8xdg4jHqmQF69A01R"
set routing-instances NineGroup-VR protocols isis level 1 authentication-type md5
set routing-instances NineGroup-VR protocols isis level 2 authentication-key "$9$10AIyKXxdsgJ-VJDHmF3p0BISrKM87db"
set routing-instances NineGroup-VR protocols isis level 2 authentication-type md5
set routing-instances NineGroup-VR protocols isis interface ge-0/0/2.0
set routing-instances NineGroup-VR protocols isis interface lo0.20
I just cannot see anything there that would not allow this to work....
I have tested with the defaults of Trust and Untrust and this worked.... but we need more control over the VRs...
Thanks again for your time.....