Hi,
I have a BGP connection to my ISP and when my network is using the public IP of the SRX all is ok. But when I try to use a different IP in the subnet allocated such as 119.28.29.135.
Servers can send packets out but dont see a reply. I have setup a tcpdump on an external server and can see the packet arrive there from 119.28.29.135. It is showing the correct external IP and reply's to the ping to the correct addess 119.28.29.135, but I never see it arrive. I have put on a packet filter onto the SRX and still dont see a reply. Policises and static NAT are correct.
I think possibly the person that setup this BGP connection missed something, can someone double check the below BGP setup, and advise?
Thanks
from zone [ trust untrust ];
rule 4 {
match {
destination-address 119.28.29.135/32;
}
then {
static-nat {
prefix {
192.168.2.11/32;
}
}
}
}
}
}
proxy-arp {
interface reth0.0 {
address {
192.168.2.0/32;
}
}
}
policy trust_to_any {
match {
source-address any;
destination-address any;
application any;
from-zone trust;
to-zone any;
}
then {
permit;
}
}
zones {
security-zone untrust {
host-inbound-traffic {
system-services {
https;
ssh;
ping;
ike;
}
protocols {
bgp;
bfd;
}
}
interfaces {
reth1.0 {
host-inbound-traffic {
system-services {
ssh;
https;
ping;
ike;
}
protocols {
bgp;
bfd;
}
}
}
}
}
}
reth1 {
description "Internet Primary";
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 119.28.29.130/28;
}
}
}
routing-options { autonomous-system 0.65000; }
protocols {
bgp {
authentication-algorithm md5;
group ISP {
type external;
preference 100;
import import-default-route;
authentication-algorithm md5;
export my-bgp-network;
peer-as 38333;
outbound-route-filter {
prefix-based {
accept { inet; } } }
neighbor 119.28.29.129 {
local-address 119.28.29.130;
authentication-key "£dj60em9t045gimlkfvDfjnd6Au1"; ## SECRET-DATA } }
l2-learning {
global-mode switching;
}
}