We have a pair of SRX220H2 devices. Both connect to the Internet via interface ge-0/0/0; one device has a standard interface bound IP the other requires encapsulation ppp-over-ether.
The issue am having, is that for the PPoE device, PING and HTTPS (which we are using for Dyanmic VPN) are not working but IKE seems to be as we are running a stie-to-site VPN which is working fine.
I've tried several configuration variations placing the required services in host-inbound-traffic in both the zone and the interface but it isn't working. I'd appreciate any thoughts.
The current relevant configruation bits are as follows:
ge-0/0/0 {
speed 100m;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
encapsulation ppp-over-ether;
}
}
pp0 {
unit 0 {
apply-macro <name>;
ppp-options {
chap {
default-chap-secret "<secret>";
local-name "<name>";
no-rfc2486;
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
client;
}
family inet {
mtu 1492;
address a.b.c.d/24;
}
}
}
security-zone z-Internet {
screen screen-internet;
host-inbound-traffic {
system-services {
ike;
}
}
interfaces {
pp0.0 {
host-inbound-traffic {
system-services {
ike;
ping;
https;
}
}
}
}
}