I can ping SRX device from any host within LAN (directly attached to SRX or through vpn), but SRX device itself cant ping devices trhough vpn.
Captured some traffic on destination host with tcpdump - and it sends echo reply's back to SRX and ofcourse it can successfully ping that device (and access via ssh).
Policy rules seems to be fine, icmp allowed in trust zone - dunno where to look
Go to Solution.
Do you have Junos-host zone configured? If so you need a policy from Junos-host zone to the external/untrus/trust zone to allow this traffic.