Hello Spuluka,
thank you for your respond.
What i would like to do is to enable mgmt cli over ssh on SRX210 from vlan.20 localip-172.22.20.20/24. i added the security zone but is steal doesn't work. i try to ping and ssh but is not respond. sorry if could'n be clear with the requeriment.
ge-0/0/1 {
enable;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ TRAFICO TRAFICO-90 SLOT-1-IPQAM MONITOREO CANALES TRAFICO-130 GESTION-MONITOREO ];
}
}
}
security {
zones {
security-zone guest {
host-inbound-traffic {
system-services {
ping;
all;
snmp;
snmp-trap;
ssh;
}
}
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
all;
ssh;
}
}
}
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
vlan.0 {
host-inbound-traffic {
system-services {
ssh;
snmp;
snmp-trap;
ping;
}
}
}
}
}
}
}
root@SRX-VPN> show route
inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:00:14
> to 172.22.20.1 via vlan.20
172.22.16.0/24 *[Direct/0] 00:00:14
> via vlan.90
172.22.16.10/32 *[Local/0] 00:38:47
Local via vlan.90
172.22.20.0/24 *[Direct/0] 00:00:14
> via vlan.20
172.22.20.20/32 *[Local/0] 00:38:47
Local via vlan.20
172.22.25.0/24 *[Direct/0] 00:00:14
> via vlan.545
172.22.25.1/32 *[Local/0] 00:38:47
Local via vlan.545
172.22.26.0/24 *[Direct/0] 00:00:14
> via vlan.130
172.22.26.1/32 *[Local/0] 00:38:47
Local via vlan.130
172.22.30.0/24 *[Direct/0] 00:00:14
> via vlan.120
172.22.30.1/32 *[Local/0] 00:38:47
Local via vlan.120
192.168.1.0/24 *[Direct/0] 00:00:14
> via vlan.100
192.168.1.1/32 *[Local/0] 00:38:47
Local via vlan.100
192.168.100.1/32 *[Local/0] 00:38:47
Reject
192.168.200.0/24 *[Direct/0] 00:00:14
> via vlan.21
192.168.200.10/32 *[Local/0] 00:38:47
Local via vlan.21