Message Image

Skip main navigation (Press Enter).

SRX

View Only

last person joined: 13 hours ago

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

Can not ping external Nated IP from behind the SRX from the server itself in the trust zone

JAY ECHOUAFNI08-23-2023 14:12

FYI it was working before not sure what I did to break it. is simple I can not ping a from the outside ...

spuluka08-24-2023 10:56

If I understand your layout correctly you have successfully setup nat and policy from internet sources ...

JAY ECHOUAFNI08-24-2023 16:41

Yes my regular NATs from the internet to my internal servers are working it's just my servers to themselves ...

spuluka08-28-2023 07:02

The nat policy looks good. The security policy is not correct. The internal traffic will be from ...

JAY ECHOUAFNI08-28-2023 11:43

The reason you see that because there is already one from trust to untrust otherwise none of my internal ...

JAY ECHOUAFNI09-18-2023 10:33

It has been weeks and did not get any help on this would anyone take a minute and help me I am really ...

GAVIN WHITE09-22-2023 16:49

Hi Jay, Reiterating on what Steve was saying. You need to have a security policy to allow traffic ...

JAY ECHOUAFNI09-22-2023 17:22

I did try this but when I ping the domain or public IP behind the firewall it doe not work ...

JAY ECHOUAFNI09-22-2023 17:50

Keep in mind that I already have a policy like yours and that does not allow me to ping any nated ...

GAVIN WHITE09-22-2023 19:46

Hi Jay, Just reiterating Steve's note here, you will need to add a security policy to allow traffic ...

JAY ECHOUAFNI09-22-2023 19:55

I can not commit I get this Warning(s): 'policy our-hairpin-policy,policy our-hairpin-policy' ...

GAVIN WHITE09-22-2023 20:08

Apologies for the double post. I got no confirmation from my first post. The 'any any' rule ...

JAY ECHOUAFNI09-22-2023 20:29

I did create an address book entry for both internal and external IP but when I try to ping the ...

GAVIN WHITE09-23-2023 19:59

HI Jay, As the Security Policy is processed after NAT, your source and destination addresses ...

JAY ECHOUAFNI09-23-2023 22:11

There were error(s) delivering the configuration. Error(s): 'address 164.182.158.1/32' 1) ...

GAVIN WHITE09-25-2023 10:06

My Appologies Jay, I should have asked the following questions... Does your provider ...

1. Can not ping external Nated IP from behind the SRX from the server itself in the trust zone

0 Recommend
JAY ECHOUAFNI
Posted 08-23-2023 14:12

Reply Reply Privately
FYI it was working before not sure what I did to break it. is simple I can not ping a from the outside (the internet) any of my Public IPs that is nated I can also ping the public interface IP but nothing that everyone outside is able to ping and view http from behind the SRX. noy from the server inside in the trust zone. Is there a reverse or loop back command I am missing please.

------------------------------
JAY ECHOUAFNI
------------------------------
2. RE: Can not ping external Nated IP from behind the SRX from the server itself in the trust zone

0 Recommend
spuluka
Posted 08-24-2023 10:56

Reply Reply Privately
If I understand your layout correctly you have successfully setup nat and policy from internet sources to your public ip address nat to an internal server. But access to the same public ip address to those servers from internal addresses does not work.

For the internal traffic to work you need two policies nat and security.

For the nat policy you likely can simply add the internal zone or zones as the source zone to the working