Unable ping remote router from a SRX220 with an Accedian layer2 switch

I assume you have verified that the interface facing the ISP is assigned to a zone and has ping allowed in host inbound traffic.

Or is this the same device already working on the previous circuit?

Since they are both Juniper make sure they are not clusters with the same id which would generate the same mac addresses on the device.

And from the packet captures on the laptop working can you verify what mac address comes from the ISP SRX to compare with your own mac addresses.

Yes: the interfaces are in a security zone and I think there is no a routing configuration error because if I connect a spare device with the IP address of the ISP router, I can ping using my SRX.

We also have another spare device which faces the same issue.

Now we are using the same ISP, the same configuration and same IP addresses and the only difference is the Layer 2 switch that connects our Juniper with their one (in the working case: a Nokia/Siemens).

Non working configuration:

Juniper (on premise) ----- Accedian (layer 2 switch) ----- Juniper (ISP router)

Working (as test) configuration:

Laptop ----- Accedian (layer 2 switch) ----- Juniper (ISP router)

Working (as test) configuration (2)*:

Juniper (on premise) ----- HP Switch ----- Juniper (on premise) 

* this configuration only to test if routing/configuration works as expected since is all on-premise

The MAC address retrieved from the laptop is the mac address of the remote router. The ending .105 address is the remote router, while the .107 is the Laptop (in this case) or the 'WAN' interface of the Juniper on-premise.

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000       Dell_a4:19:d9         Broadcast             ARP      42     Who has XXX.XXX.XXX.105? Tell XXX.XXX.XXX.107

Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Dell_a4:19:d9 (18:03:73:a4:19:d9), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No.     Time           Source                Destination           Protocol Length Info
      2 0.002308       JuniperN_b7:5f:f0     Dell_a4:19:d9         ARP      56     XXX.XXX.XXX.105 is at 28:c0:da:b7:5f:f0

Frame 2: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface 0
Ethernet II, Src: JuniperN_b7:5f:f0 (28:c0:da:b7:5f:f0), Dst: Dell_a4:19:d9 (18:03:73:a4:19:d9)
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
      3 0.014901       Dell_a4:19:d9         Broadcast             ARP      42     Who has XXX.XXX.XXX.105? Tell XXX.XXX.XXX.107

Frame 3: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Dell_a4:19:d9 (18:03:73:a4:19:d9), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)

No.     Time           Source                Destination           Protocol Length Info
      4 0.017226       JuniperN_b7:5f:f0     Dell_a4:19:d9         ARP      56     XXX.XXX.XXX.105 is at 28:c0:da:b7:5f:f0

Frame 4: 56 bytes on wire (448 bits), 56 bytes captured (448 bits) on interface 0
Ethernet II, Src: JuniperN_b7:5f:f0 (28:c0:da:b7:5f:f0), Dst: Dell_a4:19:d9 (18:03:73:a4:19:d9)
Address Resolution Protocol (reply)

Thanks.

By the way: this is what I see from the Juniper (on premise) interface, with no answer

10:20:35.058592 bpf_flags 0x80, Out
Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 35584
Logical Interface Index Extension TLV #4, length 4, value: 99
-----original packet-----
78:19:f7:a6:b0:05 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has XXX.XXX.XXX.105 (remote router) tell XXX.XXX.XXX.106 (local interface)

Odd issue.  I notice you are testing the laptop on 107 and have 106 configured on the SRX.  Can you test reversiing these?  

I'm wondering if something else in has the 106 address and that is why you don't see the response.

I'm sure you verified the masks already too with the provider to be sure they match on all three devices.

Very odd

The IP addresses are correct: I tested both .106 and .107 to 110 (.111 is the broadcast).

The only difference is the encapsulation. See the attached image: on the left the Laptop, on the right the Juniper

In the Juniper packet, I also notice a Juniper/Ethernet extension in the request which contains a 'Magic Number' (not depicted here).

Thanks.

I don't think the encapsulation is the issue.  but am at a loss to see an obvious solution on your side.

Any chance the ISP would do a joint session to observe the arp requests on the local switch during a troubleshooting session from the SRX on site.

And verify the request is flooded to the MX upstream.