Confirm which operational mode your SRX is running
show security flow status
If this is standard flow based mode then you will also need to configure the new layer 3 interface into the desired security zone.
set security zones security-zone NAME interfaces irb.1
In that zone, confirm that ping is permitted, either explicitly or by using system-services all
set security zones security-zone NAME host-inbound-traffic system-services ping
For traffic to flow a security policy would also need to be in place for the traffic passing through the SRX to/from the ASA as well.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------
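The zone and host-inbound checks described in the reply above, written as an added example that is not part of the original thread: a small Python audit over `show configuration | display set` output that flags routed interfaces with no security zone or no ping permission. The sample input is constructed from the configuration posted in this thread, and the script does not look at transit security policies.

```python
import re

# Constructed sample in "display set" form, modelled on the configuration
# posted in this thread (no security zone configuration is present).
SAMPLE = """\
set vlans abc vlan-id 1
set vlans abc l3-interface irb.1
set interfaces ge-1/0/1 unit 0 family ethernet-switching vlan members abc
set interfaces ge-1/0/2 unit 0 family ethernet-switching vlan members abc
set interfaces irb unit 1 family inet address 192.168.1.2/24
"""

L3_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address \S+")
ZONE_IF_RE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)(.*)$")
ZONE_SVC_RE = re.compile(
    r"^set security zones security-zone (\S+) host-inbound-traffic system-services (\S+)")
IF_SVC_RE = re.compile(r"^ host-inbound-traffic system-services (\S+)")

def audit(config_text):
    """Return {interface: [problems]} for every routed (family inet) unit."""
    l3, zone_of, zone_svcs, if_svcs = [], {}, {}, {}
    for line in config_text.splitlines():
        line = line.strip()
        if m := L3_RE.match(line):
            l3.append(f"{m.group(1)}.{m.group(2)}")
        elif m := ZONE_IF_RE.match(line):
            zone, ifname, rest = m.groups()
            zone_of[ifname] = zone
            if s := IF_SVC_RE.match(rest):
                if_svcs.setdefault(ifname, set()).add(s.group(1))
        elif m := ZONE_SVC_RE.match(line):
            zone_svcs.setdefault(m.group(1), set()).add(m.group(2))
    report = {}
    for ifname in l3:
        zone = zone_of.get(ifname)
        problems = []
        if zone is None:
            problems.append("not in any security zone")
        else:
            # Interface-level host-inbound-traffic overrides the zone-level setting.
            allowed = if_svcs.get(ifname) or zone_svcs.get(zone, set())
            if not ({"ping", "all"} & allowed):
                problems.append(f"zone {zone} does not permit ping host-inbound")
        report[ifname] = problems
    return report

if __name__ == "__main__":
    for ifname, problems in audit(SAMPLE).items():
        print(ifname, "->", problems or "ok")
```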
Original Message:
Sent: 08-05-2024 12:36
From: Nguyen Anh
Subject: assign 1 ip address to 2 interface
Thanks for your reply, Sir
I set it up as you advised but it still does not work; I can't ping from srx550 to ge1/3 asa5508. Is there anything I am missing? Here are my settings:
vlans {
    abc {
        vlan-id 1;
        l3-interface irb.1;
    }
}
interfaces {
    ge-1/0/1 {
        gigether-options {
            auto-negotiation;
        }
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members abc;
                }
            }
        }
    }
    ge-1/0/2 {
        gigether-options {
            auto-negotiation;
        }
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members abc;
                }
            }
        }
    }
    irb {
        unit 1 {
            family inet {
                address 192.168.1.2/24;
            }
        }
    }
}
------------------------------
Nguyen Anh
Original Message:
Sent: 08-05-2024 10:54
From: spuluka
Subject: assign 1 ip address to 2 interface
On the SRX550 you would assign both interfaces to the same vlan and create a layer 3 vlan interface for that group.
Under the vlan, assign both ge1/0/1.0 and ge1/0/2.0
Then create vlan.# with the desired ip address and add this interface as the layer 3 interface for the vlan
set vlans v200 interface ge-1/0/1.0
set vlans v200 interface ge-1/0/2.0
set vlans v200 l3-interface vlan.#
You would also add the vlan.# interface to the desired zone for any security policies.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 08-05-2024 01:01
From: Nguyen Anh
Subject: assign 1 ip address to 2 interface
I have to route outside to inside with the next hop on ge1/0/1 and ge1/0/2, but at any one time only one asa5508 is active, and I cannot assign 1 ip address to the 2 interfaces ge1/0/1 and ge1/0/2, so if failover happens my route will fail. Is there any solution?
Thank you!
------------------------------
Nguyen Anh
------------------------------