Routing

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Loopback not reachable

    Posted 05-13-2022 17:24
    Hello team,

    I need some help, i got two old junipers in order to learn, an SRX and a J2320, the problem im facing is that i can ping the loopback SRX>J2320 however not J2320>SRX, im new and im sure i have made a stupid mistake somewhere but i don't have anyone more technical around me to ask for help, its been a few days trying to figure this out.


    admin2@JuniperSRX# run show interfaces terse
    Interface Admin Link Proto Local Remote
    fe-0/0/0 up up
    fe-0/0/0.0 up up inet 192.168.1.253/24
    fe-0/0/1 up up
    fe-0/0/1.0 up up inet 10.1.1.1/30
    fe-0/0/2 up up
    fe-0/0/2.0 up up inet 10.1.1.5/30
    lo0 up up
    lo0.0 up up inet 10.10.10.1 --> 0/0
    lo0.16384 up up inet 127.0.0.1 --> 0/0
    lo0.16385 up up inet 10.0.0.1 --> 0/0
    10.0.0.16 --> 0/0
    128.0.0.1 --> 0/0
    128.0.0.4 --> 0/0
    128.0.1.16 --> 0/0

    admin2@JuniperSRX# run ping 10.1.1.2
    PING 10.1.1.2 (10.1.1.2): 56 data bytes
    --- 10.1.1.2 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 2.104/2.163/2.223/0.049 ms


    admin2@JuniperSRX# run ping 10.10.10.4
    --- 10.10.10.4 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 2.030/2.107/2.205/0.073 ms
    ------------------------------------------------------------------


    admin2@JuniperJ2320# run show interfaces terse
    Interface Admin Link Proto Local Remote
    ge-0/0/0 up up
    ge-0/0/0.0 up up inet 192.168.1.254/24
    ge-0/0/1 up up
    ge-0/0/1.0 up up inet 10.1.1.2/30
    ge-0/0/2 up up
    ge-0/0/2.0 up up inet 10.1.1.6/30

    lo0 up up
    lo0.0 up up inet 10.10.10.4 --> 0/0
    lo0.16385 up up inet 10.0.0.1 --> 0/0
    10.0.0.16 --> 0/0


    admin2@JuniperJ2320# run ping 10.1.1.1
    --- 10.1.1.1 ping statistics ---
    6 packets transmitted, 6 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.154/1.246/1.639/0.176 ms


    admin2@JuniperJ2320# run ping 10.10.10.1
    --- 10.10.10.1 ping statistics ---
    10 packets transmitted, 0 packets received, 100% packet loss


    ---------------------------------------
    Full config for both devices is below

    admin2@JuniperSRX# run show configuration | display set
    set version 12.1X46-D35.1
    set system host-name JuniperSRX
    set system time-zone GMT+1
    set system root-authentication encrypted-password "$1$QkIbWUTq$ql67TbYMqv/OrSEh6w8OS/"
    set system name-resolution no-resolve-on-input
    set system login user admin2 uid 2002
    set system login user admin2 class super-user
    set system login user admin2 authentication encrypted-password "$1$Fm9OzDeh$9bSi1KA.pngoh4cZU8jFe."
    set system services ssh
    set system services telnet
    set system services web-management http interface fe-0/0/7.0
    set system services web-management https system-generated-certificate
    set system services web-management https interface fe-0/0/7.0
    set system services web-management session idle-timeout 60
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog file messages any critical
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands error
    set system max-configurations-on-flash 5
    set system max-configuration-rollbacks 5
    set system license autoupdate
    set system ntp
    set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.253/24
    set interfaces fe-0/0/1 unit 0 family inet address 10.1.1.1/30
    set interfaces fe-0/0/2 unit 0 family inet address 10.1.1.5/30
    set interfaces fe-0/0/7 unit 0 family inet
    set interfaces lo0 unit 0 family inet address 10.10.10.1/32
    set routing-options static route 10.10.10.4/32 next-hop 10.1.1.2
    set security zones security-zone Internal host-inbound-traffic system-services all
    set security zones security-zone Internal host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/7.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/7.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/0.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/0.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/2.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/2.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces lo0.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces lo0.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/1.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/1.0 host-inbound-traffic protocols all

    [edit]
    admin2@JuniperSRX#


    admin2@JuniperJ2320# run show configuration | display set
    set version 8.5R3.4
    set system host-name JuniperJ2320
    set system time-zone Europe/Sofia
    set system root-authentication encrypted-password "$1$xJbYZ8Vw$HjGh6v.ZTq79MJzP9chkJ0"
    set system login user admin2 uid 2002
    set system login user admin2 class superuser
    set system login user admin2 authentication encrypted-password "$1$byyE2/uP$urkxtJIW6GNEjwT.9ySQq0"
    set system services ssh root-login allow
    set system services ssh protocol-version v2
    set system services telnet
    set system services web-management http interface ge-0/0/0.0
    set system services web-management http interface ge-0/0/1.0
    set system services web-management http interface ge-0/0/3.0
    set system syslog user * any emergency
    set system syslog file messages any any
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set interfaces ge-0/0/0 description WAN
    set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.254/24
    set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.2/30
    set interfaces ge-0/0/2 unit 0 family inet address 10.1.1.6/30
    set interfaces lo0 unit 0 family inet address 10.10.10.4/32
    set routing-options static route 10.10.10.1/32 next-hop 10.1.1.1

    [edit]
    admin2@JuniperJ2320#

    ------------------------------
    RADOSTIN KIRILOV
    ------------------------------


  • 2.  RE: Loopback not reachable

    Posted 05-15-2022 05:22
    Hi, 

    This is normal, you need to configure your security zone in the SRX, and enable ping services, try something like this:

    set security zone security-zone trust interface fe-0/0/0 host-inbound-traffic system services ping

    Thanks,

    ------------------------------
    GABRIEL FLORES
    ------------------------------



  • 3.  RE: Loopback not reachable

    Posted 05-18-2022 05:49
    Hello Mr Flores,  thank you for helping me, i just added the below without success

    admin2@JuniperSRX# run show configuration | display set | match ping
    set security zones security-zone Internal interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
    set security zones security-zone Internal interfaces lo0.0 host-inbound-traffic system-services ping

    [edit]
    admin2@JuniperSRX#

    First i tried with the the interface fe-0/0/0.0 without success and then added the same for the loopback but it remains the same I'm afraid. My security zone is called "Internal" do i need to make a new one for fe-0/0/0.0 and lo0.0 ?

    Thank you.

    ------------------------------
    RADOSTIN KIRILOV
    ------------------------------



  • 4.  RE: Loopback not reachable

    Posted 05-18-2022 09:38
    Hello Mr. Flores

    I figured it out, i was googling around for some information on what could be causing this and found an old forum post about some bandwidth test (not related to my issue) but then i found this "admin2@JuniperSRX# set security policies default-policy permit-all " i thought to myself humm that looks like it could be something that will help and it did!!!

    admin2@JuniperSRX# run ping 10.10.10.4
    PING 10.10.10.4 (10.10.10.4): 56 data bytes
    64 bytes from 10.10.10.4: icmp_seq=0 ttl=64 time=2.178 ms
    64 bytes from 10.10.10.4: icmp_seq=1 ttl=64 time=2.298 ms
    ^C
    --- 10.10.10.4 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 2.178/2.238/2.298/0.060 ms

    [edit]
    admin2@JuniperSRX#

    admin2@JuniperJ2320# run ping 10.10.10.1
    PING 10.10.10.1 (10.10.10.1): 56 data bytes
    64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=2.135 ms
    64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=4.229 ms
    64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=1.172 ms
    ^C
    --- 10.10.10.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.172/2.512/4.229/1.276 ms

    Thank you so much for the help.

    Thank you.

    ------------------------------
    RADOSTIN KIRILOV
    ------------------------------