SRX

Hi,

I have issue where none of my servers are ping, ssh to each other. They are not able to ping the gateway eaither, but all can access the internet. I have a site to site VPN setup and that is working fine I can ping from my local PC and connect to these servers. I have the following set:

policy trust_to_any {
    match {
                    source-address any;
                    destination-address any;
                    application any;
                    from-zone trust;
                    to-zone any;
                }
                then {
                    permit;
                }
            }


security-zone trust {
            interfaces {
                reth0.0 {
                    host-inbound-traffic {
                        system-services {
                            https;
                            ping;
                            ssh;
                        }
                    }
                }
            }
        }

When I do the below command I get no results, even though on server 192.168.1.110 there is a constant ping to 192.168.1.120:

show security flow session protocol icmp
show security flow session source-prefix 192.168.1.110

Any ideas?

Are 192.168.1.110 and 192.168.1.120 in the same subnet?

Regards, Wojtek

Yes, 192.168.1.1/24.

There is a Cisco 2960 which has a vlan id of 50 set against the ports which these all plug into. But I don't need to set that anywhere in the SRX do I?

Looking at the other server the packets are getting there.

04:11:09.148146 ARP, Reply 192.168.1.210 is-at d0:91:56:66:7c:82 (oui Unknown), length 46

If they both are in the same subnet then SRX is not involved in the transmission. Look for the problem on the switch, firewall on the server etc.

Regards, Wojtek

Rebooting the server resolved. I thought it maybe down to Bonding on NIC's I did or arp cache. I restarted the service and cleared cache with no joy. A full reboot resolved it.