SRX Services Gateway
Highlighted
SRX Services Gateway

SRX Unable to ping same subnet or gateway, but can access internet ok

‎11-08-2018 04:51 AM

Hi,

 

I have issue where none of my servers are ping, ssh to each other. They are not able to ping the gateway eaither, but all can access the internet. I have a site to site VPN setup and that is working fine I can ping from my local PC and connect to these servers. I have the following set:

policy trust_to_any {
    match {
                    source-address any;
                    destination-address any;
                    application any;
                    from-zone trust;
                    to-zone any;
                }
                then {
                    permit;
                }
            }


security-zone trust {
            interfaces {
                reth0.0 {
                    host-inbound-traffic {
                        system-services {
                            https;
                            ping;
                            ssh;
                        }
                    }
                }
            }
        }

When I do the below command I get no results, even though on server 192.168.1.110 there is a constant ping to 192.168.1.120:

show security flow session protocol icmp
show security flow session source-prefix 192.168.1.110

 

Any ideas?

5 REPLIES 5
SRX Services Gateway

Re: SRX Unable to ping same subnet or gateway, but can access internet ok

‎11-08-2018 05:17 AM

Are 192.168.1.110 and 192.168.1.120 in the same subnet?

 

Regards, Wojtek

SRX Services Gateway

Re: SRX Unable to ping same subnet or gateway, but can access internet ok

[ Edited ]
‎11-08-2018 06:09 AM

Yes, 192.168.1.1/24.

 

There is a Cisco 2960 which has a vlan id of 50 set against the ports which these all plug into. But I don't need to set that anywhere in the SRX do I?

SRX Services Gateway

Re: SRX Unable to ping same subnet or gateway, but can access internet ok

‎11-08-2018 09:12 AM

Looking at the other server the packets are getting there.

04:11:09.148146 ARP, Reply 192.168.1.210 is-at d0:91:56:66:7c:82 (oui Unknown), length 46

SRX Services Gateway

Re: SRX Unable to ping same subnet or gateway, but can access internet ok

‎11-08-2018 12:14 PM

If they both are in the same subnet then SRX is not involved in the transmission. Look for the problem on the switch, firewall on the server etc.

 

Regards, Wojtek

SRX Services Gateway
Solution
Accepted by topic author VOIPBunny
‎11-09-2018 03:18 AM

Re: SRX Unable to ping same subnet or gateway, but can access internet ok

‎11-09-2018 03:18 AM

Rebooting the server resolved. I thought it maybe down to Bonding on NIC's I did or arp cache. I restarted the service and cleared cache with no joy. A full reboot resolved it.