This message was posted by a user wishing to remain anonymous
Topology: EVG-NG 2*vSRX (running 22.3R1.11) r1----------r2
ISIS is up, route is available but only I cannot ping the each others loopback IP. What security config miss is causing this problem, can someone please help?
r1 config:
set security forwarding-options family iso mode packet-based
set security zones security-zone trust tcp-rst
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces lo0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces lo0.0 host-inbound-traffic protocols all
set interfaces ge-0/0/0 unit 0 description to-R2
set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.12/27
set interfaces ge-0/0/0 unit 0 family iso
set interfaces fxp0 unit 0
set interfaces lo0 unit 0 family inet address 192.168.0.1/32
set interfaces lo0 unit 0 family iso address 49.0100.0192.0168.0000.0001.00
set protocols isis interface ge-0/0/0.0 point-to-point
set protocols isis interface lo0.0
set protocols isis level 1 disable
r2 config:
set security forwarding-options family iso mode packet-based
set security zones security-zone trust tcp-rst
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all
set security zones security-zone trust interfaces lo0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces lo0.0 host-inbound-traffic protocols all
set interfaces ge-0/0/0 unit 0 description to-R1
set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.21/27
set interfaces ge-0/0/0 unit 0 family iso
set interfaces fxp0 unit 0
set interfaces lo0 unit 0 family inet address 192.168.0.2/32
set interfaces lo0 unit 0 family iso address 49.0100.0192.0168.0000.0002.00
set protocols isis interface ge-0/0/0.0 point-to-point
set protocols isis interface lo0.0
set protocols isis level 1 disable
root@r1# run show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/27 *[Direct/0] 02:32:25
> via ge-0/0/0.0
10.0.0.12/32 *[Local/0] 02:32:25
Local via ge-0/0/0.0
192.168.0.1/32 *[Direct/0] 02:30:26
> via lo0.0
192.168.0.2/32 *[IS-IS/18] 00:56:50, metric 10
> to 10.0.0.21 via ge-0/0/0.0
root@r2# run show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/27 *[Direct/0] 02:32:40
> via ge-0/0/0.0
10.0.0.21/32 *[Local/0] 02:32:40
Local via ge-0/0/0.0
192.168.0.1/32 *[IS-IS/18] 00:56:36, metric 10
> to 10.0.0.12 via ge-0/0/0.0
192.168.0.2/32 *[Direct/0] 02:29:47
> via lo0.0