Juniper SRX ge-0/0/0 attached to cellular provider on private APN
2 cellular routers (default route from provider is to the SRX)
GRE tunnel between each cellular router and the SRX
routes set up so management of each cellular router does not go through GRE tunnel
management, GRE tunnel have their own zones
I wanted to allow management traffic between the two cell modems, so I created a zone policy allowing traffic from management zone to management zone; however, this does not work. To experiment, I turned default policy to permit all and it works fine.
To troubleshoot, I am trying to ping from cell modem to cell modem. I am not seeing the ping when monitoring traffic on ge-0/0/0, either when the policy is set to permit or to deny (even though it works when default policy is permit).
Hopefully someone can point me to something that can help me troubleshoot. I am sure it's a simple thing somewhere.