Hello,
First, my topology:
I have 2 SRX320 FWs, let's call them FWA and FWB. On FWA I have configured 1 network, 192.168.1.0/24, with multiple hosts connected to that network (vlan1 (irb.1), ge0/1 - ge0/5); FWA is also connected to the Internet. FWB is connected via its ge0/0 to FWA's ge0/1, with interface address 192.168.1.189 (vlan1 (irb.1)). FWB also has 2 other networks: 192.168.20.0/24 (.1) and 10.0.0.0/24 (.1), with hosts connected to them.
Second, my configs:
On FWA I have configured "set routing-options static route 192.168.20.0/24 next-hop 192.168.1.189", and on FWB I have configured "set security policies from-zone untrust to-zone trust policy allow-vnc match source-address 192.168.1.186 | match destination-address 192.168.20.2 | match application junos-vnc | then permit".
Question:
Can anybody explain to me why, in this case, routing between the FWA and FWB networks does not work as expected? I can reach host .20.2 from .1.186 via VNC, but the connection is lost every 30 sec, and in Wireshark I see a lot of spurious retransmissions followed by a connection reset. If I add "route add 192.168.20.0 255.255.255.0 192.168.1.189" at the .1.186 cmd prompt, the connection works well. How can I set up routing between the FWs the correct way, without adding the route on the host side?
Thanks in advance!
------------------------------
Ivan Roots
------------------------------
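Worked example added by the editor, not part of Ivan's post: the configuration the post describes, the checks a practitioner would run on FWA to see whether the firewall is only seeing one direction of the VNC flow, and the usual way to remove the hairpin on the shared VLAN, which is to move the FWA-FWB link onto its own transit subnet and zone. Everything not quoted from the post is an assumption: the SRX320 interface names (ge-0/0/1 on FWA, ge-0/0/0 on FWB), FWA's address 192.168.1.1, the zone names trust and transit, the policy names, and the transit subnet 10.255.0.0/30.

```junos
## As described in the post: FWA routes 192.168.20.0/24 via FWB's address on the
## shared 192.168.1.0/24 VLAN. A host on that VLAN whose default gateway is FWA
## (192.168.1.1, assumed) sends traffic for 192.168.20.0/24 to FWA, which forwards
## it back out the same irb.1 toward 192.168.1.189 (a hairpin). FWB's replies to
## 192.168.1.186 are delivered directly on the connected VLAN and never cross FWA,
## so FWA, a stateful firewall, holds a session for which it sees only one direction.
set routing-options static route 192.168.20.0/24 next-hop 192.168.1.189

## Checks on FWA (operational mode, or prefix with "run" in configuration mode).
## If the session for the VNC flow shows packets in the "In" wing and 0 packets
## in the "Out" wing, FWA is only seeing the host-to-FWB direction.
show route 192.168.20.2
show security flow session destination-prefix 192.168.20.2 destination-port 5900
show interfaces terse irb

## Hypothetical fix: a dedicated transit subnet between the firewalls so that both
## directions of every host <-> 192.168.20.0/24 flow traverse FWA.
## FWA side: ge-0/0/1 becomes a routed port in its own zone instead of a vlan1 member.
delete interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family inet address 10.255.0.1/30
set security zones security-zone transit interfaces ge-0/0/1.0
set security zones security-zone transit host-inbound-traffic system-services ping
set routing-options static route 192.168.20.0/24 next-hop 10.255.0.2
set routing-options static route 10.0.0.0/24 next-hop 10.255.0.2
set security policies from-zone trust to-zone transit policy to-fwb match source-address any
set security policies from-zone trust to-zone transit policy to-fwb match destination-address any
set security policies from-zone trust to-zone transit policy to-fwb match application junos-vnc
set security policies from-zone trust to-zone transit policy to-fwb then permit

## FWB side: ge-0/0/0 takes the other end of the transit subnet (it is no longer a
## vlan1 member, and the 192.168.1.189 address on irb.1 goes away) and FWB reaches
## 192.168.1.0/24 and the Internet through FWA. The post's allow-vnc policy from
## untrust to trust stays as it is, with ge-0/0/0.0 in the untrust zone.
delete interfaces ge-0/0/0 unit 0 family ethernet-switching
delete interfaces irb unit 1 family inet address 192.168.1.189/24
set interfaces ge-0/0/0 unit 0 family inet address 10.255.0.2/30
set security zones security-zone untrust interfaces ge-0/0/0.0
set routing-options static route 0.0.0.0/0 next-hop 10.255.0.1
```

With the transit subnet in place, 192.168.1.186 still sends to its default gateway FWA, FWA forwards to FWB over ge-0/0/1, and FWB's reply follows its default route back through FWA, so the session on FWA sees both wings and the host needs no static route of its own. The checks above are the same ones to re-run after the change; the flow session should then show non-zero packet counts in both directions.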