Juniper SRX550 issues

‎08-07-2017 06:56 PM



I have a problem with Juniper SRX 550 HA,

My interface Reth3.0 have five ip address in CT-2 VR.


But i can not ping internet using 222.73.109.XX5,  just ping can not !


the other address normal.


my configure below:


{primary:node0}[edit interfaces reth3 unit 0]
superman@NH-IDC-A# show
family inet {
address 222.73.109.XX1/29;
address 222.73.109.XX2/29;
address 222.73.109.XX3/29;
address 222.73.109.XX4/29;
address 222.73.109.XX5/29;


{primary:node0}[edit routing-instances CT-2]
superman@NH-IDC-A# show
instance-type virtual-router;
interface reth3.0;

routing-options {
interface-routes {
rib-group inet BIG-rib;

 route next-hop 222.73.109.XXX;



ping test:


superman@NH-IDC-A# run ping routing-instance CT-2 source 222.73.109.XX4
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=40 time=53.217 ms
64 bytes from icmp_seq=1 ttl=40 time=52.182 ms
64 bytes from icmp_seq=2 ttl=40 time=52.472 ms



superman@NH-IDC-A# run ping routing-instance CT-2 source 222.73.109.XX5
PING ( 56 data bytes
--- ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss


can anyone help me ?



Re: Juniper SRX550 issues

‎08-07-2017 10:46 PM
Is it working with all other 4 IPs (1,2,3,4)? and is it the same for all destinations ? For example. try to ping the next-hop IP address instead of ? Is the behaviour same ? Is the next-hop sending ARP request for this IP and SRX replying ? Is there any other configuration like NAT/Firewall Filters etc ? Security Flow trace/monitor traffic will help us find if SRX is receiving the reply from the upstream device or not ...
Pradeep 2xJNCIE(SEC/ENT)