SRX

Hey All

I'm learning my self JunoOS, and I'm setting up an SRX210

I have my laptop connected in fe-0/0/5 and uplink (another router) on ge-0/0/1

From my laptop, I can ping/ssh the SRX but I cannot get any further, when I ping 8.8.8.8 I get "Request timed out"

From the uplink side, I can access the SRX via ping or SSH, and from the SRX itself I can access 8.8.8.8, so I assume the routing is fine...

Can someone show me what I am missing? or show me how to enable the correct logging?

Attachment(s)

srx210.txt   6 KB 1 version

Hi,

Do you have static routes configured on you srx I do not see any routing specified in your config. You need a default router pointing to the upstream router.

Thanks

John

Looking at your config I am suspecting your upstream router ( the one between the SRX and 8.8.8.8 ) does not have a rule to NAT your trust subnet ( 192.168.1.0/24 ).  When you are pinging from the ge-0/0/1 interface, the traffic is sourced from 192.168.11.107/24.  

I do see you have a NAT rule, but that is from the trust to untrust zone, and ge-0/0/1 and ge-0/0/5 are both in the trust zone.

You can check to see if the traffic is passing from your srx to your upstream device by looking at the security flows when you ping.

show security flow session source-prefix 192.168.1.0/24 destination-prefix 8.8.8.8/32

Thanks, Jeff, looks like you got it right

First, I removed fe-0/0/1 from the zone, as this family ethernet switch, then I removed ge-0/0/1 from trusted and added to untrusted zone to fix the NAT rule.

Now I can ping my upstream network, and after I added a static route to the upstream router I can ping 8.8.8.8

Thanks!