Hi Steve/Juniper Gurus,
Thank you very much for your help and your prompt response. I have changed the IPs of the physical SRX and the virtual vSRX to start fresh, but it is still not working. I can ping both ways, and I have added the security-zone settings for OSPF per interface, as well as the passive interfaces. Would you be so kind as to tell me what I'm missing here: why are there no OSPF adjacencies between the physical and virtual SRX?
Physical SRX FE-0/0/2 - 192.168.50.41/24;
chris@core1> show configuration
## Last commit: 2020-05-13 19:36:36 UTC by chris
## Device-wide settings for core1 (the physical SRX): Junos release, host identity,
## local accounts, management services, DHCP server, logging and licensing.
version 12.1X46-D40.2;
system {
host-name core1;
time-zone toronto;
root-authentication {
## NOTE(review): the "$1$" prefix marks an MD5-crypt hash, a weak format for password storage.
## This hash is part of a public post, so the root password should be treated as exposed and
## changed; redact encrypted-password lines before sharing a configuration.
encrypted-password "$1$U.eGDp4L$QZnHxpl6kkNB7xW5N3O0g0"; ## SECRET-DATA
}
## DNS resolvers used by the device itself.
name-server {
208.67.222.222;
208.67.220.220;
}
login {
## Local administrator account with the super-user class (full privileges).
user chris {
uid 2009;
class super-user;
authentication {
## NOTE(review): same exposure as the root hash above; this account's password should be changed as well.
encrypted-password "$1$AbbN5ka3$9l6CwHdvvRbBnIL0pFKFk/"; ## SECRET-DATA
}
}
}
## Management services the device listens for.
services {
ssh;
## NOTE(review): telnet carries logins and session data unencrypted; ssh is already enabled.
telnet;
## NOTE(review): xnm-clear-text is the Junos XML management service without encryption.
xnm-clear-text;
web-management {
## NOTE(review): J-Web over plain HTTP on vlan.0; HTTPS is enabled on the same interface just below.
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;
}
}
## Local DHCP server handing out 192.168.1.2-192.168.1.254 with 192.168.1.1 as the default router.
dhcp {
router {
192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings ge-0/0/0.0;
}
}
syslog {
## Keep at most 3 archived log files of 100k each.
archive size 100k files 3;
user * {
any emergency;
}
## The messages file records only critical-or-worse events plus authorization messages at info level.
file messages {
any critical;
authorization info;
}
## NOTE(review): only interactive-command messages at error level are logged here, so this file
## is not a full record of the commands administrators run.
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
## Interface layout for core1: two routed ports in 192.168.50.0/24, five switch ports in
## vlan-trust, the loopback, and the routed VLAN interface vlan.0.
interfaces {
## ge-0/0/0 has a logical unit but no address family configured in this output.
ge-0/0/0 {
unit 0;
}
## NOTE(review): ge-0/0/1.0 (192.168.50.51/24) and fe-0/0/2.0 (192.168.50.41/24) are both in
## 192.168.50.0/24. Two routed interfaces in one subnet make it ambiguous which interface
## sends and receives traffic for that subnet - confirm this is intended.
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.50.51/24;
}
}
}
## The interface the post names as the link towards the vSRX.
fe-0/0/2 {
unit 0 {
family inet {
address 192.168.50.41/24;
}
}
}
## fe-0/0/3 through fe-0/0/7 are layer-2 switch ports that are members of vlan-trust.
fe-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
## NOTE(review): both loopback addresses carry a /24 mask and come from publicly allocated
## ranges, so the router treats all of 1.1.1.0/24 and 11.11.11.0/24 as directly connected.
## A /32 from private address space is the usual choice for a loopback - confirm intent.
lo0 {
unit 0 {
family inet {
address 1.1.1.1/24;
address 11.11.11.11/24;
}
}
}
## Layer-3 interface for the switch ports above; also the DHCP default router address.
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}
## Routing for core1: a static default route and OSPF area 0.0.0.0.
routing-options {
static {
## Default route via 192.168.50.1 on the 192.168.50.0/24 segment.
route 0.0.0.0/0 next-hop 192.168.50.1;
}
}
protocols {
ospf {
area 0.0.0.0 {
## ge-0/0/1.0 is forced to point-to-point; fe-0/0/2.0 below keeps the default interface type.
interface ge-0/0/1.0 {
interface-type p2p;
}
## Passive interfaces are advertised into OSPF but form no adjacencies.
interface lo0.0 {
passive;
}
interface vlan.0 {
passive;
}
## NOTE(review): no authentication statement appears under any OSPF interface, which matches the
## "Authentication Type: None" line in the show ospf overview output. Without it, any device on
## the segment that speaks OSPF can become a neighbor; consider interface authentication on both
## routers once the adjacency works.
interface fe-0/0/2.0;
}
}
stp;
}
## Flow-mode security configuration for core1: screen options, source NAT, one policy and two zones.
security {
screen {
## Screen profile; it is attached to the untrust zone further down.
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
## Translate everything going from trust to untrust to the egress interface address.
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
## The only policy shown: trust to untrust, any source, destination and application, permitted.
## NOTE(review): the "then" clause has no log statement, so permitted sessions are not logged by this policy.
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
## Zone-level rules for traffic addressed to the device itself.
## NOTE(review): "all" already includes every service and protocol listed after it, so the
## individual entries are redundant and telnet (and every other service) is accepted from this zone.
host-inbound-traffic {
system-services {
all;
ping;
https;
telnet;
ssh;
}
protocols {
all;
ospf;
bfd;
dvmrp;
bgp;
nhrp;
igmp;
pgm;
pim;
vrrp;
router-discovery;
ldp;
}
}
interfaces {
vlan.0;
## An interface-level host-inbound-traffic block replaces the zone-level one for that interface.
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
traceroute;
https;
telnet;
ssh;
}
protocols {
all;
}
}
}
## fe-0/0/2.0 accepts all system services and all protocols, so OSPF packets addressed to
## this device are allowed in on this interface.
## NOTE(review): once OSPF works, narrow this to the services and protocols actually needed.
fe-0/0/2.0 {
host-inbound-traffic {
system-services {
ping;
https;
telnet;
all;
}
protocols {
all;
}
}
}
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
## Only DHCP and TFTP are accepted by the device on the untrust interface.
## NOTE(review): confirm tftp is still needed on an untrusted interface.
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
}
}
}
}
## Power over Ethernet is enabled on all interfaces.
poe {
interface all;
}
## vlan-trust (VLAN ID 3) is the VLAN of the switch ports; vlan.0 is its layer-3 interface.
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
chris@core1>
chris@core1> show ospf neighbor
chris@core1> show ospf overview
Instance: master
Router ID: 1.1.1.1
Route table index: 0
LSA refresh time: 50 minutes
Area: 0.0.0.0
Stub type: Not Stub
Authentication Type: None
Area border routers: 0, AS boundary routers: 0
Neighbors
Up (in full state): 0
Topology: default (ID 0)
Prefix export count: 0
Full SPF runs: 11
SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
Backup SPF: Not Needed
chris@core1> show ospf database
OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *1.1.1.1 1.1.1.1 0x8000000f 144 0x22 0x806b 84
chris@core1>
Ping to vSRX Virtual IP 192.168.50.82
chris@core1> ping 192.168.50.82
PING 192.168.50.82 (192.168.50.82): 56 data bytes
64 bytes from 192.168.50.82: icmp_seq=0 ttl=64 time=5.704 ms
64 bytes from 192.168.50.82: icmp_seq=1 ttl=64 time=5.688 ms
64 bytes from 192.168.50.82: icmp_seq=2 ttl=64 time=4.760 ms
64 bytes from 192.168.50.82: icmp_seq=3 ttl=64 time=5.431 ms
64 bytes from 192.168.50.82: icmp_seq=4 ttl=64 time=4.542 ms
^C
--- 192.168.50.82 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.542/5.225/5.704/0.484 ms
==================================
Virtual vSRX GE-0/0/0 = 192.168.50.82/24;
root> show configuration
## Last commit: 2020-05-13 20:00:53 UTC by root
## Device-wide settings for the virtual vSRX: Junos release, root account, management services,
## logging and licensing. No host-name and no login users appear in this output.
version 12.1X47-D15.4;
system {
root-authentication {
## NOTE(review): the "$1$" prefix marks an MD5-crypt hash, a weak format for password storage.
## This hash is part of a public post, so the root password should be treated as exposed and
## changed; redact encrypted-password lines before sharing a configuration.
encrypted-password "$1$nkMlPHBq$mk57yKMk19DbxbYPzhDET0"; ## SECRET-DATA
}
services {
ssh;
## NOTE(review): J-Web is offered over plain HTTP only, on the same interface that runs OSPF;
## no https block is configured here.
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
}
## Every facility at every severity goes to the messages file, plus authorization at info.
file messages {
any any;
authorization info;
}
## All interactive-command messages are logged.
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
## Interface addressing for the vSRX.
interfaces {
## Link on 192.168.50.0/24, the segment shared with the physical SRX (192.168.50.41 and .51).
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.50.82/24;
}
}
}
## Second routed interface; it is not listed under protocols ospf in this output.
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.0.2/24;
}
}
}
}
## OSPF on the vSRX: only ge-0/0/0.0 is in area 0.0.0.0, with the default interface type.
## NOTE(review): no authentication statement is configured, matching "Authentication Type: None"
## in the show ospf overview output; if authentication is added later it must match on both routers.
protocols {
ospf {
area 0.0.0.0 {
interface ge-0/0/0.0;
}
}
}
## The whole security stanza of the vSRX: only a forwarding-mode option. No zones, policies or
## host-inbound-traffic rules appear in this output.
## NOTE(review): whether this option has taken effect, and whether IPv4 traffic is handled in
## packet mode or flow mode on this release, cannot be told from the output - confirm on the device.
## In packet mode the device does no stateful filtering, so ssh and http on ge-0/0/0.0 would be
## protected only by whatever firewall filters are applied, and none are shown here.
security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
}
root> show ospf neighbor
root> show ospf neighbor
root> show ospf overview
Instance: master
Router ID: 10.0.0.2
Route table index: 0
LSA refresh time: 50 minutes
Area: 0.0.0.0
Stub type: Not Stub
Authentication Type: None
Area border routers: 0, AS boundary routers: 0
Neighbors
Up (in full state): 0
Topology: default (ID 0)
Prefix export count: 0
Full SPF runs: 3
SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
Backup SPF: Not Needed
root> show ospf database
OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *10.0.0.2 10.0.0.2 0x80000004 44 0x22 0x4635 36
Ping to physical SRX 192.168.50.41
root> ping 192.168.50.41
PING 192.168.50.41 (192.168.50.41): 56 data bytes
64 bytes from 192.168.50.41: icmp_seq=0 ttl=64 time=9.242 ms
64 bytes from 192.168.50.41: icmp_seq=1 ttl=64 time=5.762 ms
64 bytes from 192.168.50.41: icmp_seq=2 ttl=64 time=6.090 ms
64 bytes from 192.168.50.41: icmp_seq=3 ttl=64 time=6.031 ms
64 bytes from 192.168.50.41: icmp_seq=4 ttl=64 time=4.913 ms
^C
--- 192.168.50.41 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.913/6.408/9.242/1.478 ms