Hey All,
I'm working on a physical lab with 3x SRX210s, 3 Cisco ME3400's, and a Cisco 1841 in training myself up when it comes to multi-area OSPF LSA propagation. I've turned up area 0 (which consists of the three SRXs) and area 10 (which consists an interface on SRX1, the ME3400, and the 1841 acting as the INET router for BGP (NSSA). All of my interconnects, loopbacks, and BGP routes are in each of the routing tables on the backbone, but I am unable to ping across any devices sourcing the loopbacks from the SRXs.
SRX1 can ping everything within area 1 sourcing its loopback (12.0.0.1), but nothing inside of area 1 can ping that loopback. I'm beginning to think that there is something more at hand with possibly the security zones, although I have run a similar setup with single area OSPF with these same routers and had no problem:
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
fe-0/0/2.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
lo0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
All three routers have the same security settings enabled. Should I be holding up progress by not being able to ping and just continue to move forward as long as the routes are being advertised with the correct LSAs/Metrics/etc? Any help would be appreciated.
Thanks!