I have an SRX 240ah.
I can ping 126.96.36.199 and internet is working, but I could not ping from my LAN IP 192.168.1.5.
vlan 1 ip 192.168.1.1/24
wan ip 10.0.10.14
wan gateway 10.0.10.1
As I am new to Juniper, please help to solve this issue.
I'm not sure of the status you are asking about here, but I think you are saying that on the CLI of the SRX you can ping the internet 188.8.131.52, but from a host on the vlan 1 LAN side you cannot ping 184.108.40.206.
If so, the troubleshooting would start from that client.
Can you ping the SRX gateway 192.168.1.1 and confirm that connection is working?
If not, check the following:
Status of the interface with this address:
show interface terse
If this is not up/up and is the vlan.#, then check the physical interfaces in the same vlan.
If working, check the security zones and policy.
Find which security zone the gateway interface is assigned to and the security zone of the default gateway egress WAN interface:
show security zones
Confirm the default route is active to the WAN interface.
Check there is a security policy from the LAN to WAN zone allowing internet traffic:
show security policies
If all that checks out, confirm a session is created: start the ping and look for the session.
show security flow session source-address 192.168.1.5/32
Thanks for your kind reply.
I think you got it wrong. Let me explain in detail.
My WAN IP is 10.0.10.14 and the gateway is 10.0.10.1, interface ge-0/0/0.0.
My LAN IP 192.168.1.1 is assigned to vlan.1, and 192.168.1.5 is my PC IP.
We also have a VPN to Oracle cloud; both the tunnels are up. We have forwarded route 10.100.100.0/24 to st0.1
0 And st0.0
I can ping 220.127.116.11 and internet is working; no issue with internet from my PC.
But I cannot ping 10.0.10.14, the Juniper WAN IP, and their gateway 10.0.10.1, and also cannot ping 10.100.100.100, the Oracle cloud side local IP, from my PC as well as in Juniper.
I hope you got my issue.
Is there a need to forward 192.168.1.0/24 to 0.0.0.0/0?
Thanks for the additional details. This would be the general troubleshooting process for lack of access.
First, for SRX interfaces themselves, the security zone they are assigned to must allow ping. So use the procedure above to identify the interface and zone and confirm that is permitted.
Next, a security policy should be in place on the SRX to allow the traffic. The general procedure is to confirm which two zones are involved, again by looking up the assignments of the two interfaces, from-zone and to-zone. In your case, the LAN - st.0 for the Oracle traffic. Then look up that the security policy is created for this.
The final command for security flow shows if the session was created and will display if response packets are seen. You could have a valid policy but the Oracle side routing is not working.
In your case you can also check the VPN status using the
show security ike security-associations
show security ipsec security-associations
More details here if they are down.
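What the zone and policy checks in the replies above look like as configuration, as an added example that is not part of the original thread. The zone names (trust, untrust, vpn), the address-book names and the policy name are assumptions; the interfaces and subnets are the ones given in the thread.

```junos
# Added example: zone, address-book and policy names are assumed.

# Allow ping to the SRX's own addresses, per interface, in the zone
# each interface belongs to.
set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

# The tunnel interface has to sit in a zone before a policy can reference it.
set security zones security-zone vpn interfaces st0.0

# Address objects for the LAN and the Oracle-side subnet.
set security address-book global address lan-net 192.168.1.0/24
set security address-book global address oracle-net 10.100.100.0/24

# Permit only ICMP echo from the LAN to the Oracle side, not all traffic.
set security policies from-zone trust to-zone vpn policy lan-to-oracle match source-address lan-net
set security policies from-zone trust to-zone vpn policy lan-to-oracle match destination-address oracle-net
set security policies from-zone trust to-zone vpn policy lan-to-oracle match application junos-icmp-ping
set security policies from-zone trust to-zone vpn policy lan-to-oracle then permit
```

After committing, `show security flow session source-address 192.168.1.5/32` during a ping shows whether the session is created and whether reply packets come back.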
------------------------------
MUHAMMAD KAZIM
Original Message:
Sent: 06-30-2023 07:15
From: spuluka
Subject: Cannot ping from vlan 1 inter face to my wan interface ip and gateway