Routing

 View Only
last person joined: 22 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Possible routing issue with Global Mode on SRX

    Posted 05-10-2023 15:06

    Hello Everyone,

    Here is my question. Currently I have two Juniper SRX 300's that have a routing device between them, which then goes through a VPN. Also, my firewall global mode is currently set to switching under protocols.

    The interface connected to the routing device uses INET and then I have an IRB interface with a private IP address which is assigned to a vlan that my other interface are assigned to.

    EXMP:

    GE-0/0/0 unit 0 family inet address 10.0.0.1/24

    GE-0/0/1  unit 0 family ethernet switching interface mode access vlan members INSIDE

    irb unit 0 family inet address 192.168.1.1/24

    vlan INSIDE 
    vlan id 10
    l3-interface irb.0

    Both SRX's are configure very similar to what you see above, and when they are connected to either side of the VPN, I can ping the irb address, but I can't ping any device connected to ge-0/0/1 which is using the INSIDE vlan and has an ip address assigned to it within the same subnet as irb.0.

    Is the reason I can't ping because the SRX is in global mode l2-learning switching? Is there something else I can do to get this to work?

    p.s.

    Zones and polices have also been set to allow traffic bi-directionally between the required zones.


    Thanks,
    Matt



    ------------------------------
    MATTHEW LOVELAND
    ------------------------------


  • 2.  RE: Possible routing issue with Global Mode on SRX

    Posted 05-11-2023 11:57

    I had a similar problem recently with my SRX300 running Junos 15.1X49-D45.

    Weird things observed were, I couldn't communicate unicast with devices on the LAN, but, I could get them to respond to broadcast ping, using "ping 192.168.1.255"... then I would see responses from the devices.  ...but, they still would not show up in the ARP cache ... "show arp no-resolve"

    I upgraded like this... 15.1X49-D45 ---> 19.4R3-S11.2 ---> 21.4R3-S3.4 

    IIRC, the problem was gone with the first upgrade to 19.4R3



    ------------------------------
    - Aaron
    ------------------------------