Routing

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  ROUTED LAYER-3 VLAN

    Posted 04-24-2013 10:39

    I am so confused about getting connected from the internet with my Layer 3 routed VLAN on the SRX100B.

     

    On router 2 (SRX100B) I can ping router-1:

     

    root@ROUTER-2# run ping 172.10.11.2
    PING 172.10.11.2 (172.10.11.2): 56 data bytes
    64 bytes from 172.10.11.2: icmp_seq=0 ttl=64 time=2.583 ms

     

    But if I use ping with a source, I don't get any action or reply from 172.10.11.2:

     

    root@ROUTER-2# run ping 172.10.11.2 source 192.168.100.1
    PING 172.10.11.2 (172.10.11.2): 56 data bytes
    ...
    ...
    --

    ....
    root@ROUTER-2# run ping 8.8.8.8 source 10.11.12.14
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=48 time=49.530 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=49.709 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=50.789 ms

    Can't access the internet:

    root@ROUTER-2# run ping 8.8.8.8 source 192.168.100.1
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    ...
    ..

    ...


    Sample topology:

                          ------------             -----------
    the internet  ----->  | ROUTER-1 |  -------->  | SRX100B |  L3 routed VLAN
                          ------------             -----------

     

     

    Here's My Configuration on router 2 SRX100B

     

    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.04.24 02:22:48 =~=~=~=~=~=~=~=~=~=~=~=

    root@ROUTER-2# run show configuration | no-more    
    ## Last commit: 2013-04-24 01:59:28 UTC by root
    version 10.4R1.9;
    system {
        host-name ROUTER-2;
        root-authentication {
            encrypted-password "$1$AvS8MiNg$IE0obTNf0OOYJ8JFHy0J.."; ## SECRET-DATA
        }
        services {
            dhcp {
                default-lease-time 3600;
                domain-name unit-engineer.net;
                name-server {
                    8.8.8.8;
                    8.8.4.4;
                }
                router {
                    192.168.100.1;
                }
                pool 192.168.100.0/24 {
                    address-range low 192.168.100.10 high 192.168.100.254;
                }
            }
        }
    }
    interfaces {
        fe-0/0/0 {
            unit 0 {
                family inet {
                    address 10.11.12.14/24;
                }
            }
        }
        fe-0/0/1 {
            unit 0 {
                description ***UNIT-SALES**;
                family ethernet-switching {
                    vlan {
                        members V_100;
                    }
                }
            }
        }
        fe-0/0/2 {
            unit 0 {
                description ***UNIT-FINANCE***;
                family ethernet-switching {
                    vlan {
                        members V_200;
                    }
                }
            }
        }
        vlan {
            unit 100 {
                family inet {
                    address 192.168.100.1/24;
                }
            }
            unit 200 {
                family inet {
                    address 192.168.200.1/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.11.12.13;
        }
    }
    security {
        zones {
            security-zone TRUST-TO-R1 {
                interfaces {
                    fe-0/0/0.0 {
                        host-inbound-traffic {
                            system-services {
                                http;
                                ping;
                                all;
                            }
                        }
                    }
                }
            }
            security-zone VLAN-SALES {
                interfaces {
                    vlan.100 {
                        host-inbound-traffic {
                            system-services {
                                all;
                            }
                            protocols {
                                all;
                            }
                        }
                    }
                }
            }
            security-zone VLAN-100 {
                interfaces {
                    fe-0/0/1.0 {
                        host-inbound-traffic {
                            system-services {
                                all;
                            }
                            protocols {
                                all;
                            }
                        }
                    }
                }
            }
            security-zone pol;
        }
        policies {
            from-zone VLAN-SALES to-zone TRUST-TO-R1 {
                policy ALLOW-TRAFFIC-FROM-VLAN-100 {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone TRUST-TO-R1 to-zone VLAN-SALES {
                policy TO-VLAN-100 {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone VLAN-100 to-zone TRUST-TO-R1 {
                policy ALLOW-VLAN-100-TO-R1 {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone TRUST-TO-R1 to-zone VLAN-100 {
                policy ALLOW-VLAN-100-TO-R1 {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone VLAN-SALES to-zone VLAN-100 {
                policy TRUST-T0-TRUST {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }
    vlans {
        V_100 {
            vlan-id 100;
            l3-interface vlan.100;
        }
        V_200 {
            vlan-id 200;
            l3-interface vlan.200;
        }
    }

     

    Please, I need help solving this problem in this case.



  • 2.  RE: ROUTED LAYER-3 VLAN
    Best Answer

    Posted 04-24-2013 11:41

    It appears that router-1 does not have a route back to the 192.168.x.x networks behind the SRX.  You'll either need to configure static routes on router-1 to the networks behind the SRX or configure a dynamic routing protocol such as OSPF between your routers.

     



  • 3.  RE: ROUTED LAYER-3 VLAN

    Posted 04-24-2013 12:04

    By the way, thank you very much in advance.

    Can you give me step-by-step instructions on how to configure a dynamic routing protocol such as OSPF?

    What is the first step to start configuring my router?
    - Step one: on Router-1, what should I do?
    - Step two: on Router-2?

    Can you help me, please?

     



  • 4.  RE: ROUTED LAYER-3 VLAN

    Posted 04-24-2013 12:09

    @marlon_altino wrote:

    By the way, thank you very much in advance.

    Can you give me step-by-step instructions on how to configure a dynamic routing protocol such as OSPF?

    What is the first step to start configuring my router?
    - Step one: on Router-1, what should I do?
    - Step two: on Router-2?

    Can you help me, please?

     


    If you're unfamiliar with how protocols like OSPF operate, it's probably best not to fiddle with it on a live network.

     

    I would suggest that you first configure static routes on your router-1 to get things working.  Then, you can read up on how to implement OSPF on the SRX (SRX Getting Started - Configure OSPF) and whatever kind of router router-1 is.  You really should have at least a cursory understanding of how the protocol works before attempting to implement it -- a lab would be a great idea in this case.
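
The missing return route described in the answers above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed routing table for router-1, before and after the recommended static routes. The interface names, the 172.10.11.0/24 prefix length and router-1's default route are assumptions; the addresses come from the posted SRX configuration.

```python
import ipaddress

# Constructed routing table for router-1 (assumption: the thread never shows it).
# Each entry is (prefix, egress interface); interface names are hypothetical.
ROUTER1_ROUTES = [
    ("10.11.12.0/24", "to-srx"),   # connected link to the SRX (10.11.12.13 <-> 10.11.12.14)
    ("172.10.11.0/24", "lan"),     # assumed prefix for router-1's 172.10.11.2 address
    ("0.0.0.0/0", "to-isp"),       # assumed default route toward the internet
]

# The static routes the answer recommends, next hop 10.11.12.14 (the SRX fe-0/0/0).
STATIC_FIX = [
    ("192.168.100.0/24", "to-srx"),
    ("192.168.200.0/24", "to-srx"),
]


def egress(routes, destination):
    """Longest-prefix match: return the egress interface for destination, or None."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, interface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interface)
    return best[1] if best else None


def reply_reaches_srx(routes, ping_source):
    """An echo reply is addressed to the ping's source address, so it only
    comes back if router-1 forwards that address toward the SRX."""
    return egress(routes, ping_source) == "to-srx"


if __name__ == "__main__":
    tables = (("before", ROUTER1_ROUTES), ("after", ROUTER1_ROUTES + STATIC_FIX))
    for label, table in tables:
        for src in ("10.11.12.14", "192.168.100.1", "192.168.200.1"):
            print(label, src, "->", egress(table, src), reply_reaches_srx(table, src))
```

Without the static routes, replies to 192.168.100.1 match only the default route and leave toward the ISP, which is why the ping sourced from 10.11.12.14 works and the one sourced from the VLAN address does not.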

     

     



  • 5.  RE: ROUTED LAYER-3 VLAN

    Posted 04-24-2013 12:20

    Hi keithr,

    Of course, I'm in my lab now before implementing 🙂

    And thank you for your suggestion.

    I will try to use the equivalent of your recommendations about the OSPF protocol.

     

    Thank you very much.