Add zone VPN host-inbound-traffic system-services ssh.
Also, in general, you can use show security packet-drop records to see why traffic is being dropped. For more details, you can use monitor security flow (with a filter!!!) which will show you how packets are being processed, what's being selected, etc., it's pretty interesting, if a little busy.
------------------------------
Nikolay Semov
------------------------------
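For readers landing here from search: the following is an added illustration of the fix and the diagnostics described in the reply above, not configuration from either poster or from Juniper. It assumes the remote-access tunnel terminates on st0.0 in a zone literally named VPN and that the VPN client pool is 10.99.99.0/24; the pool prefix and the trace file name are hypothetical, since the original post does not give them. The two SRX-A addresses are the ones from the post.

```junos
# Added example in Junos set syntax (not the poster's or Juniper's config).
# Assumptions: RA-VPN tunnel interface st0.0 in zone "VPN"; client pool
# 10.99.99.0/24 (hypothetical, not stated in the thread).
#
# host-inbound-traffic governs packets addressed TO the SRX itself (here the
# internal gateway IP 10.88.88.253 reached through zone VPN). It is evaluated
# per ingress zone/interface and is independent of from-zone/to-zone security
# policies, which is why a permit policy from VPN to the internal zone lets you
# reach SRX-B (10.88.88.254) but does nothing for SSH to SRX-A's own address.

# --- configuration mode -------------------------------------------------
# Before (what the symptoms imply): only ping is allowed as a host service in
# zone VPN, so ICMP to 10.88.88.253 answers and SSH is silently dropped.
set security zones security-zone VPN interfaces st0.0
set security zones security-zone VPN host-inbound-traffic system-services ping

# After: allow SSH as a host-inbound service for the zone. Listing ssh and ping
# explicitly, rather than system-services all, keeps the management surface small.
set security zones security-zone VPN host-inbound-traffic system-services ssh

# Narrower alternative: permit SSH on the tunnel interface only, not the whole zone.
# set security zones security-zone VPN interfaces st0.0 host-inbound-traffic system-services ssh

commit and-quit

# --- operational mode ---------------------------------------------------
# Verify: "Allowed host-inbound system-services" for zone VPN must now list ssh.
show security zones VPN

# Why is a packet being dropped? Drop records give the reason per discarded packet.
show security packet-drop records

# Per-packet flow trace. Always filter it, otherwise every session on the box is logged.
monitor security flow file flow-trace.log size 1m files 3
monitor security flow filter ssh-to-srxa source-prefix 10.99.99.0/24 destination-prefix 10.88.88.253/32 protocol tcp destination-port 22
monitor security flow start
# ... reproduce the SSH attempt from a VPN client, then:
monitor security flow stop
show log flow-trace.log
```

In the trace, a packet that is rejected by host-inbound-traffic is reported at the point where the SRX identifies the packet as destined to itself, before any policy lookup; if the trace instead shows a policy deny, the problem is a from-zone VPN policy, not the zone's host services. Remember that host-inbound-traffic configured on an interface overrides the zone-level list for that interface, so check both if the verify step still does not show ssh.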
Original Message:
Sent: 11-27-2024 03:43
From: Anonymous
Subject: Unable to SSH into SRX-A's Internal Gateway IP (10.88.88.253) via Remote Access VPN, while other connectivity (ping to SRX-A and SSH to SRX-B) works as expected
I have two SRX firewalls:
- SRX-A: Acts as the perimeter internet gateway firewall. Remote Access VPN is terminated here.
- SRX-B: Functions as the internal firewall.
When connected to the VPN, you can ping the SRX-A's internal gateway IP (10.88.88.253), but SSH access to this IP fails. However, you are able to both ping and SSH into SRX-B's internal gateway IP (10.88.88.254).
PS: I can SSH to SRX-A from SRX-B, but I can't SSH into SRX-A directly when connected to the RA-VPN
Zone Configurations
Remote Access Zone (VPN):
Internal Connection between SRX-A and SRX-B (10.88.88.0/24):
Security Policies
From Internal Firewall Zone to VPN:
From VPN to Internal Firewall Zone: