Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Loopback not reachable

    Posted 05-13-2022 17:24
    Hello team,

    I need some help, i got two old junipers in order to learn, an SRX and a J2320, the problem im facing is that i can ping the loopback SRX>J2320 however not J2320>SRX, im new and im sure i have made a stupid mistake somewhere but i don't have anyone more technical around me to ask for help, its been a few days trying to figure this out.


    admin2@JuniperSRX# run show interfaces terse
    Interface Admin Link Proto Local Remote
    fe-0/0/0 up up
    fe-0/0/0.0 up up inet 192.168.1.253/24
    fe-0/0/1 up up
    fe-0/0/1.0 up up inet 10.1.1.1/30
    fe-0/0/2 up up
    fe-0/0/2.0 up up inet 10.1.1.5/30
    lo0 up up
    lo0.0 up up inet 10.10.10.1 --> 0/0
    lo0.16384 up up inet 127.0.0.1 --> 0/0
    lo0.16385 up up inet 10.0.0.1 --> 0/0
    10.0.0.16 --> 0/0
    128.0.0.1 --> 0/0
    128.0.0.4 --> 0/0
    128.0.1.16 --> 0/0

    admin2@JuniperSRX# run ping 10.1.1.2
    PING 10.1.1.2 (10.1.1.2): 56 data bytes
    --- 10.1.1.2 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 2.104/2.163/2.223/0.049 ms


    admin2@JuniperSRX# run ping 10.10.10.4
    --- 10.10.10.4 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 2.030/2.107/2.205/0.073 ms
    ------------------------------------------------------------------


    admin2@JuniperJ2320# run show interfaces terse
    Interface Admin Link Proto Local Remote
    ge-0/0/0 up up
    ge-0/0/0.0 up up inet 192.168.1.254/24
    ge-0/0/1 up up
    ge-0/0/1.0 up up inet 10.1.1.2/30
    ge-0/0/2 up up
    ge-0/0/2.0 up up inet 10.1.1.6/30

    lo0 up up
    lo0.0 up up inet 10.10.10.4 --> 0/0
    lo0.16385 up up inet 10.0.0.1 --> 0/0
    10.0.0.16 --> 0/0


    admin2@JuniperJ2320# run ping 10.1.1.1
    --- 10.1.1.1 ping statistics ---
    6 packets transmitted, 6 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.154/1.246/1.639/0.176 ms


    admin2@JuniperJ2320# run ping 10.10.10.1
    --- 10.10.10.1 ping statistics ---
    10 packets transmitted, 0 packets received, 100% packet loss


    ---------------------------------------
    Full config for both devices is below

    admin2@JuniperSRX# run show configuration | display set
    set version 12.1X46-D35.1
    set system host-name JuniperSRX
    set system time-zone GMT+1
    set system root-authentication encrypted-password "$1$QkIbWUTq$ql67TbYMqv/OrSEh6w8OS/"
    set system name-resolution no-resolve-on-input
    set system login user admin2 uid 2002
    set system login user admin2 class super-user
    set system login user admin2 authentication encrypted-password "$1$Fm9OzDeh$9bSi1KA.pngoh4cZU8jFe."
    set system services ssh
    set system services telnet
    set system services web-management http interface fe-0/0/7.0
    set system services web-management https system-generated-certificate
    set system services web-management https interface fe-0/0/7.0
    set system services web-management session idle-timeout 60
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog file messages any critical
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands error
    set system max-configurations-on-flash 5
    set system max-configuration-rollbacks 5
    set system license autoupdate
    set system ntp
    set interfaces fe-0/0/0 unit 0 family inet address 192.168.1.253/24
    set interfaces fe-0/0/1 unit 0 family inet address 10.1.1.1/30
    set interfaces fe-0/0/2 unit 0 family inet address 10.1.1.5/30
    set interfaces fe-0/0/7 unit 0 family inet
    set interfaces lo0 unit 0 family inet address 10.10.10.1/32
    set routing-options static route 10.10.10.4/32 next-hop 10.1.1.2
    set security zones security-zone Internal host-inbound-traffic system-services all
    set security zones security-zone Internal host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/7.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/7.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/0.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/0.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/2.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/2.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces lo0.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces lo0.0 host-inbound-traffic protocols all
    set security zones security-zone Internal interfaces fe-0/0/1.0 host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces fe-0/0/1.0 host-inbound-traffic protocols all

    [edit]
    admin2@JuniperSRX#


    admin2@JuniperJ2320# run show configuration | display set
    set version 8.5R3.4
    set system host-name JuniperJ2320
    set system time-zone Europe/Sofia
    set system root-authentication encrypted-password "$1$xJbYZ8Vw$HjGh6v.ZTq79MJzP9chkJ0"
    set system login user admin2 uid 2002
    set system login user admin2 class superuser
    set system login user admin2 authentication encrypted-password "$1$byyE2/uP$urkxtJIW6GNEjwT.9ySQq0"
    set system services ssh root-login allow
    set system services ssh protocol-version v2
    set system services telnet
    set system services web-management http interface ge-0/0/0.0
    set system services web-management http interface ge-0/0/1.0
    set system services web-management http interface ge-0/0/3.0
    set system syslog user * any emergency
    set system syslog file messages any any
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set interfaces ge-0/0/0 description WAN
    set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.254/24
    set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.2/30
    set interfaces ge-0/0/2 unit 0 family inet address 10.1.1.6/30
    set interfaces lo0 unit 0 family inet address 10.10.10.4/32
    set routing-options static route 10.10.10.1/32 next-hop 10.1.1.1

    [edit]
    admin2@JuniperJ2320#

    ------------------------------
    RADOSTIN KIRILOV
    ------------------------------


  • 2.  RE: Loopback not reachable

    Posted 05-15-2022 05:22
    Hi, 

    This is normal, you need to configure your security zone in the SRX, and enable ping services, try something like this:

    set security zone security-zone trust interface fe-0/0/0 host-inbound-traffic system services ping

    Thanks,

    ------------------------------
    GABRIEL FLORES
    ------------------------------



  • 3.  RE: Loopback not reachable

    Posted 05-18-2022 05:49
    Hello Mr Flores,  thank you for helping me, i just added the below without success

    admin2@JuniperSRX# run show configuration | display set | match ping
    set security zones security-zone Internal interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
    set security zones security-zone Internal interfaces lo0.0 host-inbound-traffic system-services ping

    [edit]
    admin2@JuniperSRX#

    First i tried with the the interface fe-0/0/0.0 without success and then added the same for the loopback but it remains the same I'm afraid. My security zone is called "Internal" do i need to make a new one for fe-0/0/0.0 and lo0.0 ?

    Thank you.

    ------------------------------
    RADOSTIN KIRILOV
    ------------------------------



  • 4.  RE: Loopback not reachable

    Posted 05-18-2022 09:38
    Hello Mr. Flores

    I figured it out, i was googling around for some information on what could be causing this and found an old forum post about some bandwidth test (not related to my issue) but then i found this "admin2@JuniperSRX# set security policies default-policy permit-all " i thought to myself humm that looks like it could be something that will help and it did!!!

    admin2@JuniperSRX# run ping 10.10.10.4
    PING 10.10.10.4 (10.10.10.4): 56 data bytes
    64 bytes from 10.10.10.4: icmp_seq=0 ttl=64 time=2.178 ms
    64 bytes from 10.10.10.4: icmp_seq=1 ttl=64 time=2.298 ms
    ^C
    --- 10.10.10.4 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 2.178/2.238/2.298/0.060 ms

    [edit]
    admin2@JuniperSRX#

    admin2@JuniperJ2320# run ping 10.10.10.1
    PING 10.10.10.1 (10.10.10.1): 56 data bytes
    64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=2.135 ms
    64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=4.229 ms
    64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=1.172 ms
    ^C
    --- 10.10.10.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.172/2.512/4.229/1.276 ms

    Thank you so much for the help.

    Thank you.

    ------------------------------
    RADOSTIN KIRILOV
    ------------------------------