I should not need routes in teh router vr becuase the are directly connected. I add policy and that did not help.
Here a copy of the routing table. and the policy
What LT
Thank you for the Help
Ed
root@srxA-1# run show route
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.1.0/24 *[Direct/0] 22:35:57
> via fe-0/0/0.0
10.0.1.201/32 *[Local/0] 22:37:21
Local via fe-0/0/0.0
172.18.1.0/30 *[Direct/0] 22:37:17
> via fe-0/0/3.0
172.18.1.2/32 *[Local/0] 22:37:21
Local via fe-0/0/3.0
172.18.2.0/30 *[Static/5] 15:39:52
to table router.inet.0
192.168.1.1/32 *[Direct/0] 22:37:51
> via lo0.0
router.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.18.1.0/30 *[Direct/0] 22:37:18
> via fe-0/0/5.0
172.18.1.1/32 *[Local/0] 22:37:21
Local via fe-0/0/5.0
172.18.2.0/30 *[Direct/0] 20:53:03
> via fe-0/0/6.0
172.18.2.1/32 *[Local/0] 22:37:21
Local via fe-0/0/6.0
vr101.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.20.101.0/24 *[Direct/0] 20:53:02
> via fe-0/0/4.101
172.20.101.1/32 *[Local/0] 22:37:22
Local via fe-0/0/4.101
vr201.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.20.201.0/24 *[Direct/0] 20:53:02
> via fe-0/0/4.201
172.20.201.1/32 *[Local/0] 22:37:22
Local via fe-0/0/4.201
security {
policies {
from-zone free-route to-zone free-route {
policy free-route {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone free-route to-zone untrust {
policy free-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-init;
}
}
}
}
from-zone untrust to-zone free-route {
policy untrust-free {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-init;
}
}
}
}
}