I hit my head for days trying to solve this issue. I am waiting for JTAC but still no answers. So my config is: SRX 650 with two ISP links. ISP1 is on inet.0 and ISP2 is on routing instance type forwarding with default route to ISP2 address. ISP2 is coming on trunk port and I had to create L3 vlan interface for it (vlan.823). I have rib-groups with import-rib [ inet.0 ISP2.inet.0 ] and show routes is ok. With filters and nat I managed to let some of the users to ISP2 link. Everything is permited from any to any zone. With ISP1 we have no issues. Junos version is 11.4R1.6
But with ISP2 we have the following problems:
- from outside I can't ping ISP2 address, can't access to J-web using http/https,ssh
- from inside the users who are using ISP2 can't use ftp or vpn but anything else is working (surfing, torrents, skype,...)
I attached part of the configuration. I tried everything: use filter on ISP2 to route to ISP2 routing instance, used virtual-router and put interfaces in it,...but without luck. ISP2 provider said that they didn't block anything.
Any help with this please?