Thank you !!
I solved this problem ..
After configure the about security log, I found the following message.
So .. I changed firewall mode "mix-mode" to "packet-based".
And communication between R1 and R2 succeeded.
# add config in vSRX
security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
}
root@vSRX01> show security flow status
Flow forwarding mode:
Inet forwarding mode: packet based
Inet6 forwarding mode: flow based
MPLS forwarding mode: packet based
ISO forwarding mode: drop
Tap mode: disabled (default)
Flow trace status
Flow tracing status: off
Flow session distribution
Distribution mode: Hash-based
GTP-U distribution: Disabled
Flow ipsec performance acceleration: off
Flow packet ordering
Ordering mode: Hardware
Flow power mode IPsec: Disabled
root@vSRX01>
Sep 13 07:46:33 07:46:33.358077:CID-0:THREAD_ID-01:RT:<192.168.20.2/0->192.168.10.2/16;1,0x0> matched filter f0:
Sep 13 07:46:33 07:46:33.358085:CID-0:THREAD_ID-01:RT:packet [100] ipid = 68, @0x244200ce
Sep 13 07:46:33 07:46:33.358087:CID-0:THREAD_ID-01:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x68e81000, rtbl_idx = 0
Sep 13 07:46:33 07:46:33.358103:CID-0:THREAD_ID-01:RT: flow process pak fast ifl 71 in_ifp irb.20
Sep 13 07:46:33 07:46:33.358105:CID-0:THREAD_ID-01:RT: goto L3 flow, natp 0x0
Sep 13 07:46:33 07:46:33.358108:CID-0:THREAD_ID-01:RT: ge-0/0/2.0:192.168.20.2->192.168.10.2, icmp, (8/0)
Sep 13 07:46:33 07:46:33.358111:CID-0:THREAD_ID-01:RT: find flow: table 0x20801f90, hash 28673(0xffff), sa 192.168.20.2, da 192.168.10.2, sp 0, dp 16, proto 1, tok 12297, conn-tag 0x00000000
Sep 13 07:46:33 07:46:33.358116:CID-0:THREAD_ID-01:RT: no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
Sep 13 07:46:33 07:46:33.358121:CID-0:THREAD_ID-01:RT: flow_first_create_session
Sep 13 07:46:33 07:46:33.358126:CID-0:THREAD_ID-01:RT:Save init hash spu id 0 to nsp and nsp2!
Sep 13 07:46:33 07:46:33.358198:CID-0:THREAD_ID-01:RT:First path alloc and instl pending session, natp=0x298be680, id=74
Sep 13 07:46:33 07:46:33.358201:CID-0:THREAD_ID-01:RT: flow_first_in_dst_nat: in <ge-0/0/2.0>, out <N/A> dst_adr 192.168.10.2, sp 0, dp 16
Sep 13 07:46:33 07:46:33.358204:CID-0:THREAD_ID-01:RT: chose interface ge-0/0/2.0 as incoming nat if.
Sep 13 07:46:33 07:46:33.358207:CID-0:THREAD_ID-01:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 192.168.10.2(16)
Sep 13 07:46:33 07:46:33.358210:CID-0:THREAD_ID-01:RT: l2flow_first_routing: Before route-lookup ifp: in <ge-0/0/2.0>, out <N/A>
Sep 13 07:46:33 07:46:33.358211:CID-0:THREAD_ID-01:RT:l2flow_first_routing: call flow_route_lookup(): src_ip 192.168.20.2, x_dst_ip 192.168.10.2, ifp ge-0/0/2.0, sp 0, dp 16, ip_proto 1, tos 0
Sep 13 07:46:33 07:46:33.358212:CID-0:THREAD_ID-01:RT:Doing DESTINATION addr route-lookup
Sep 13 07:46:33 07:46:33.358222:CID-0:THREAD_ID-01:RT:flow_ipv4_rt_lkup success 192.168.10.2, iifl 0x49, oifl 0x46
Sep 13 07:46:33 07:46:33.358224:CID-0:THREAD_ID-01:RT:L2 TRP drop the mix-mode through traffic for irb.10, dst:192.168.10.2, in vr_id: 0
Sep 13 07:46:33 07:46:33.358227:CID-0:THREAD_ID-01:RT:flow_initiate_first_path: first pak no session
Sep 13 07:46:33 07:46:33.358227:CID-0:THREAD_ID-01:RT: flow find session returns error.
Sep 13 07:46:33 07:46:33.358228:CID-0:THREAD_ID-01:RT:flow_proc_rc: -1.
Sep 13 07:46:33 07:46:33.358229:CID-0:THREAD_ID-01:RT: ----- flow_process_pkt rc 0x7 (fp rc -1)
Sep 13 07:46:34 07:46:34.628222:CID-0:THREAD_ID-01:RT:jsf sess close notify
Sep 13 07:46:34 07:46:34.628224:CID-0:THREAD_ID-01:RT:flow_ipv4_del_flow: sess 74, in hash 32