Hi J-NET Community,
i'm currently testing a SRX 240 Gateway, kindly provided by TLK (German Juniper distributor).
Nearly everything works as expected, but FBFcauses some trouble with 2 ISPs (connected by PPPoEoA). The primary subnet (10.0.0.0/16) is separated in /24 subnets (using L3 Switch). Layer 3 Switch has IP 10.0.255.2/24, SRX 10.0.255.4/24. 3 subnets (10.0.128.0/24, 10.0.129.0/24, 10.0.130.0/24) should be source natted outside, using pp0.1, all other connections should be natted outside (by pp0.0). DMZ is routed, using pp0.0
Everything works fine, but i can't reach the SRX directly (e.g. SSH connections) from the 3 Subnets, routed by the other routing instance.
Examples:
(from 10.0.128.1) ping -c 5 10.0.255.4
PING 10.0.255.4 (10.0.255.4) 56(84) bytes of data.
^C
--- 10.0.255.4 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4009ms
(from SRX, 10.0.255.4) ping 10.0.128.1 count 5
PING 10.0.128.1 (10.0.128.1): 56 data bytes
64 bytes from 10.0.128.1: icmp_seq=0 ttl=63 time=1.522 ms
64 bytes from 10.0.128.1: icmp_seq=1 ttl=63 time=1.119 ms
64 bytes from 10.0.128.1: icmp_seq=2 ttl=63 time=1.229 ms
64 bytes from 10.0.128.1: icmp_seq=3 ttl=63 time=1.116 ms
64 bytes from 10.0.128.1: icmp_seq=4 ttl=63 time=1.115 ms
--- 10.0.128.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.115/1.220/1.522/0.157 ms
(from 10.0.2.1) ping 10.0.255.4
PING 10.0.255.4 (10.0.255.4) 56(84) bytes of data.
64 bytes from 10.0.255.4: icmp_seq=1 ttl=63 time=0.436 ms
64 bytes from 10.0.255.4: icmp_seq=2 ttl=63 time=0.471 ms
64 bytes from 10.0.255.4: icmp_seq=3 ttl=63 time=0.489 ms
64 bytes from 10.0.255.4: icmp_seq=4 ttl=63 time=0.475 ms
64 bytes from 10.0.255.4: icmp_seq=5 ttl=63 time=0.481 ms
^C
--- 10.0.255.4 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4012ms
rtt min/avg/max/mdev = 0.436/0.470/0.489/0.026 ms
Routing-Table etc. looks fine!
Flow debug messages and config (blanked) is attached. The SRX runs on JUNOS Software Release [9.6R1.13]
Please take especially a look at "install nsp2 failed".
Any help is appreciated 😉