Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  Site to Site Tunnel can ping from one side only

    Posted 04-30-2015 07:39

    Attached is the running config. Currently I can ping, RDP, etc. to the remote SRX site from my Cisco side. If I run a tracert from the remote side, it appears to push the traffic out the WAN interface. Did I miss something in my config?



  • 2.  RE: Site to Site Tunnel can ping from one side only

     
    Posted 04-30-2015 11:02
    Can you share "show route <cisco-lan> | no-more" from the SRX?


  • 3.  RE: Site to Site Tunnel can ping from one side only

    Posted 04-30-2015 11:23

    Please see the attached, and I thank you for the help.



  • 4.  RE: Site to Site Tunnel can ping from one side only

    Posted 04-30-2015 18:28

    I also ran a trace and found the following. It does appear that my remote site traffic is not routing out the VPN interfaces, but why? Any ideas?

     

     

    @CPARK> show log traffic-log |match 172.25.1.4


    Apr 30 21:15:11  CPARK RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: 192.168.0.1/62352->172.25.1.4/1 icmp PUBLIC IP->172.25.1.4/1 CPARK_SUBNET None 1 Data_Untrust Data untrust 155617 1(60) 0(0) 59 UNKNOWN UNKNOWN N/A(N/A) fe-0//1.500 UNKNOWN

    Apr 30 21:18:19  CPARK RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.168.0.98/4->172.25.1.4/35 icmp



  • 5.  RE: Site to Site Tunnel can ping from one side only
    Best Answer

    Posted 04-30-2015 18:41

    Figured it out 🙂 interfaces were missing the filter inputs. Life is good again!



  • 6.  RE: Site to Site Tunnel can ping from one side only

    Posted 05-01-2015 11:45

    Hello,

    Glad to see you implemented my suggestion

     

        rib-groups {
            Management {
                import-rib [ inet.0 ASA-1.inet.0 ASA-2.inet.0 ];
            }
        }

    http://forums.juniper.net/t5/Junos/IPSEC-routing-troubles/m-p/272932#M9024

     

    Thanks

    Alex