I am confused about how to get my Layer 3 routed VLAN on the SRX100B connected to the internet.
On router 2 (the SRX100B) I can ping router-1:
root@ROUTER-2# run ping 172.10.11.2
PING 172.10.11.2 (172.10.11.2): 56 data bytes
64 bytes from 172.10.11.2: icmp_seq=0 ttl=64 time=2.583 ms
But if I use ping with a source address, I get no response or reply from 172.10.11.2:
root@ROUTER-2# run ping 172.10.11.2 source 192.168.100.1
PING 172.10.11.2 (172.10.11.2): 56 data bytes
...
...
--
....
root@ROUTER-2# run ping 8.8.8.8 source 10.11.12.14
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=48 time=49.530 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=49.709 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=50.789 ms
I can't reach the internet:
root@ROUTER-2# run ping 8.8.8.8 source 192.168.100.1
PING 8.8.8.8 (8.8.8.8): 56 data bytes
...
..
...
sample topology :
                    +----------+             +---------+
the internet -----> | ROUTER-1 | ----------> | SRX100B |  L3 routed VLAN
                    +----------+             +---------+
Here's My Configuration on router 2 SRX100B
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.04.24 02:22:48 =~=~=~=~=~=~=~=~=~=~=~=
root@ROUTER-2# run show configuration | no-more
## Last commit: 2013-04-24 01:59:28 UTC by root
version 10.4R1.9;
## system: hostname, the root login credential, and the built-in DHCP server.
system {
host-name ROUTER-2;
root-authentication {
## NOTE(review): this is the device's real root password hash, pasted into a public post.
## The "$1$" prefix is the MD5-crypt format, which is cheap to guess offline, so treat the
## root password as exposed: change it, and redact hashes before sharing a configuration.
encrypted-password "$1$AvS8MiNg$IE0obTNf0OOYJ8JFHy0J.."; ## SECRET-DATA
}
services {
## DHCP is the only service configured under system services in this listing.
dhcp {
default-lease-time 3600;
domain-name unit-engineer.net;
## Clients are handed public resolvers directly.
name-server {
8.8.8.8;
8.8.4.4;
}
## Default gateway given to clients; this is the vlan.100 address from the interfaces stanza.
router {
192.168.100.1;
}
## Only 192.168.100.0/24 has a pool; no pool for 192.168.200.0/24 (vlan.200) appears here.
pool 192.168.100.0/24 {
address-range low 192.168.100.10 high 192.168.100.254;
}
}
}
}
## interfaces: one routed uplink (fe-0/0/0), two switched access ports, and the
## routed VLAN interfaces (vlan.100 / vlan.200) that act as gateways for the VLANs.
interfaces {
## Routed uplink; the static default route's next hop 10.11.12.13 is on this /24.
fe-0/0/0 {
unit 0 {
family inet {
address 10.11.12.14/24;
}
}
}
## Layer 2 port carrying V_100. It has no IP address of its own.
fe-0/0/1 {
unit 0 {
description ***UNIT-SALES**;
family ethernet-switching {
vlan {
members V_100;
}
}
}
}
## Layer 2 port carrying V_200.
fe-0/0/2 {
unit 0 {
description ***UNIT-FINANCE***;
family ethernet-switching {
vlan {
members V_200;
}
}
}
}
## Layer 3 gateways for the VLANs (bound via l3-interface in the vlans stanza).
## NOTE(review): presumably vlan.100 is only up while a V_100 member port has link;
## check the interface state before testing with "ping ... source 192.168.100.1".
vlan {
unit 100 {
family inet {
address 192.168.100.1/24;
}
}
unit 200 {
family inet {
address 192.168.200.1/24;
}
}
}
}
## routing-options: a single static default route toward the upstream router.
## NOTE(review): this covers the outbound direction only. Replies to 192.168.100.0/24 and
## 192.168.200.0/24 need either source NAT on this device (no nat stanza is visible in this
## listing) or routes for those prefixes on the upstream router. This is a likely reason
## the pings sourced from 192.168.100.1 get no reply; confirm on ROUTER-1.
routing-options {
static {
route 0.0.0.0/0 next-hop 10.11.12.13;
}
}
## security: zone membership and inter-zone policies. No nat stanza appears in this
## listing, so traffic leaves fe-0/0/0 with its original 192.168.x.x source address.
security {
zones {
## Upstream-facing zone (toward ROUTER-1 and the internet).
security-zone TRUST-TO-R1 {
interfaces {
fe-0/0/0.0 {
host-inbound-traffic {
## NOTE(review): "all" admits traffic to every system service on the upstream-facing
## interface and makes the http and ping entries redundant. List only the services
## that are actually needed on this side.
system-services {
http;
ping;
all;
}
}
}
}
}
## Zone holding the routed VLAN interface vlan.100 (gateway 192.168.100.1).
security-zone VLAN-SALES {
interfaces {
vlan.100 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
## NOTE(review): this zone holds fe-0/0/1.0, which is a family ethernet-switching port.
## Routed traffic for V_100 presumably arrives on vlan.100 (zone VLAN-SALES), so policies
## that reference zone VLAN-100 may never match; confirm whether this zone is needed.
security-zone VLAN-100 {
interfaces {
fe-0/0/1.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
## Empty zone: no interfaces assigned.
security-zone pol;
## NOTE(review): vlan.200 is not assigned to any zone in this listing; an interface
## outside every security zone is not expected to pass traffic. Verify.
}
## Every policy below matches any/any/any and permits, with no logging configured.
policies {
## Outbound from the sales VLAN gateway zone to the upstream zone.
from-zone VLAN-SALES to-zone TRUST-TO-R1 {
policy ALLOW-TRAFFIC-FROM-VLAN-100 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
## NOTE(review): this lets the upstream side open any new session into the sales VLAN.
## Return traffic of sessions started from the VLAN is already allowed by the stateful
## session table, so consider removing this policy or narrowing it to required services.
from-zone TRUST-TO-R1 to-zone VLAN-SALES {
policy TO-VLAN-100 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone VLAN-100 to-zone TRUST-TO-R1 {
policy ALLOW-VLAN-100-TO-R1 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
## Same policy name as the opposite direction above, although this one permits
## upstream-initiated traffic toward zone VLAN-100; the name is misleading.
from-zone TRUST-TO-R1 to-zone VLAN-100 {
policy ALLOW-VLAN-100-TO-R1 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
## Note the policy name is spelled with a digit zero ("T0"), not the letter O.
from-zone VLAN-SALES to-zone VLAN-100 {
policy TRUST-T0-TRUST {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
}
## vlans: maps each VLAN name to its 802.1Q ID and to the routed interface that
## serves as its Layer 3 gateway (vlan.100 = 192.168.100.1, vlan.200 = 192.168.200.1).
vlans {
V_100 {
vlan-id 100;
l3-interface vlan.100;
}
V_200 {
vlan-id 200;
l3-interface vlan.200;
}
}
Please, I need help solving this problem.